OESF Portables Forum

Topic started by: conn-fused on June 14, 2005, 10:21:58 am

Title: Openzaurus 3.5.3 Firewall Solutions
Post by: conn-fused on June 14, 2005, 10:21:58 am
I've noticed iptables in the OZ feed, and I'm tempted to install it. I've never designed a firewall for an embedded environment before, however, so I'd like to see what others have come up with.

Has anyone out there written an iptables script for their Zaurus? If so, please post it!

Also, how have you implemented it? Do you just drop the script into /etc/init.d with links in /etc/rc[2-5].d?
Title: Openzaurus 3.5.3 Firewall Solutions
Post by: Storm on June 14, 2005, 11:42:55 pm
Quote
I've noticed iptables in the OZ feed, and I'm tempted to install it. I've never designed a firewall for an embedded environment before, however, so I'd like to see what others have come up with.

Has anyone out there written an iptables script for their Zaurus? If so, please post it!

Also, how have you implemented it? Do you just drop the script into /etc/init.d with links in /etc/rc[2-5].d?

What I suggest (though I haven't tried it yet, since the motherboard on my primary workstation died and took the processor with it) is to use fwbuilder (http://fwbuilder.org), which provides a GUI representation of the firewall rules. Create a fwbuilder file (e.g. <hostname>) for your Zaurus, compile, and copy the resulting file (e.g. <hostname>.fw) to the Zaurus and set up an init.d script to run it on bootup. There are pretty good instructions on the fwbuilder site to make the firewall kick off on bootup or change of IP address.

That said, I don't run enough external services (only ssh) to warrant a full iptables ruleset; the only thing I have considered is blocking the random username/password attacks against ssh.

--Storm
Title: Openzaurus 3.5.3 Firewall Solutions
Post by: tfraser on November 26, 2005, 03:37:17 pm
Quote
Has anyone out there written an iptables script for their Zaurus? If so, please post it!

Also, how have you implemented it? Do you just drop the script into /etc/init.d with links in /etc/rc[2-5].d?

I've implemented "Snowfence", a simple iptables firewall that prevents remote users from connecting to your Zaurus over the net while still permitting you to surf and use the cradle as usual. I've made an .ipk for it; it just drops the script into /etc/rc.d/init.d and adds the appropriate rc links, just as you guessed.

Please see the Snowfence page (http://alum.wpi.edu/~tfraser/Software/Snowfence) for downloads and more info.
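
A minimal init-style script for the kind of firewall asked about and described above (block unsolicited inbound connections, leave outbound traffic and the cradle link alone), as an added example: it is not Snowfence and not code from any poster in this thread. The cradle interface name `usb0`, the decision to trust it, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Snowfence and not code posted in this thread.
# Default-deny inbound firewall for a handheld: outbound traffic and its
# replies pass, unsolicited inbound connections (ssh included) are dropped.
# Assumptions: the cradle link is named usb0 and is trusted; override
# TRUSTED_IF if yours differs. Install under /etc/init.d with rc links.
IPT="${IPT:-iptables}"
TRUSTED_IF="${TRUSTED_IF:-usb0}"

# Print the "closed" rule set, one iptables argument list per line.
# Policies are set after the ACCEPT rules so that starting the firewall
# over an existing session does not drop that session's replies.
fw_rules() {
    cat <<EOF
-F INPUT
-A INPUT -i lo -j ACCEPT
-A INPUT -i $TRUSTED_IF -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
EOF
}

# Print the "open" rule set used by stop: restore ACCEPT, then flush.
fw_open() {
    cat <<EOF
-P INPUT ACCEPT
-P FORWARD ACCEPT
-F INPUT
EOF
}

# Apply the rules printed by function $1; stop at the first failure.
fw_apply() {
    while read -r rule; do
        # Unquoted on purpose: each line is split into iptables arguments.
        $IPT $rule || return 1
    done <<EOF
$("$1")
EOF
}

case "${1:-}" in
    start|restart) fw_apply fw_rules ;;
    stop)          fw_apply fw_open ;;
    show)          fw_rules ;;
    *)             echo "usage: $0 {start|stop|restart|show}" >&2 ;;
esac
```

Running the script with `show` prints the rule set without touching netfilter, which is a convenient way to review it before the first `start`.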
Title: Openzaurus 3.5.3 Firewall Solutions
Post by: Da_Blitz on November 27, 2005, 04:28:11 am
Firehol looks good as well, nice and simple; saw it in the command-line grml live CD.