Author Topic: Openzaurus 3.5.3 Firewall Solutions  (Read 3262 times)

conn-fused

« on: June 14, 2005, 10:21:58 am »
I've noticed iptables in the OZ feed, and I'm tempted to install it. I've never designed a firewall for an embedded environment before, however, so I'd like to see what others have come up with.

Has anyone out there written an iptables script for their Zaurus? If so, please post it!

Also, how have you implemented it? Do you just drop the script into /etc/init.d with links in /etc/rc[2-5].d?

Storm

« Reply #1 on: June 14, 2005, 11:42:55 pm »
Quote
I've noticed iptables in the OZ feed, and I'm tempted to install it. I've never designed a firewall for an embedded environment before, however, so I'd like to see what others have come up with.

Has anyone out there written an iptables script for their Zaurus? If so, please post it!

Also, how have you implemented it? Do you just drop the script into /etc/init.d with links in /etc/rc[2-5].d?

What I suggest (though I haven't tried it yet, since the motherboard on my primary workstation died and took the processor with it) is to use fwbuilder (http://fwbuilder.org), which provides a GUI representation of the firewall rules. Create a fwbuilder file (e.g. <hostname>) for your Zaurus, compile, and copy the resulting file (e.g. <hostname>.fw) to the Zaurus and set up an init.d script to run it on bootup. There are pretty good instructions on the fwbuilder site to make the firewall kick off on bootup or change of IP address.

That said, I don't run enough external services (only ssh) to warrant a full iptables ruleset; the only thing I have considered is blocking the random username/password attacks against ssh.

--Storm
Zaurus SL-5500/Hentges OZ 3.5.4.1
Ambicom WL1100-CF wireless card
Desktop: Debian/GNU Linux (unstable)

tfraser

« Reply #2 on: November 26, 2005, 03:37:17 pm »
Quote
Has anyone out there written an iptables script for their Zaurus? If so, please post it!

Also, how have you implemented it? Do you just drop the script into /etc/init.d with links in /etc/rc[2-5].d?

I've implemented "Snowfence", a simple iptables firewall that prevents remote users from connecting to your Zaurus over the net while still permitting you to surf and use the cradle as usual. I've made an .ipk for it; it just drops the script into /etc/rc.d/init.d and adds the appropriate rc links, just as you guessed.

Please see the Snowfence page (http://alum.wpi.edu/~tfraser/Software/Snowfence) for downloads and more info.
SL-6000L - Sharp ROM v1.12
128MB PNY CF
16MB Canon SD
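
A minimal sketch of the policy discussed in this thread (drop inbound connections from the network, keep outbound browsing and the cradle working), laid out as an init.d-style script. It is an added example, not the Snowfence script or any poster's code; the cradle interface name `usbd0` and the `IPT` dry-run override are assumptions.

```shell
#!/bin/sh
# Added example (constructed): default-deny inbound firewall for a handheld.
# Not the Snowfence script; interface name and variables are assumptions.

IPT="${IPT:-iptables}"            # set IPT="echo iptables" to print rules instead
CRADLE_IF="${CRADLE_IF:-usbd0}"   # assumed name of the USB cradle interface

fw_start() {
    # Set the default policies first so there is no open window while
    # the chain is rebuilt: nothing in, nothing routed, everything out.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F INPUT

    # Local processes talking to each other over loopback.
    $IPT -A INPUT -i lo -j ACCEPT

    # Sync and networking through the cradle (trusted link to the desktop).
    $IPT -A INPUT -i "$CRADLE_IF" -j ACCEPT

    # Replies to connections the handheld itself opened (web, DNS, ...).
    # New inbound connections on any other interface hit the DROP policy.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

fw_stop() {
    # Return to the stock "accept everything" state.
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -F INPUT
}

# init.d entry point; the rc links call this with "start" or "stop".
case "${1:-}" in
    start)   fw_start ;;
    stop)    fw_stop ;;
    restart) fw_stop; fw_start ;;
esac
```

Running it once with `IPT="echo iptables"` and the `start` argument prints the rules for review before anything is loaded on the device.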

Da_Blitz

« Reply #3 on: November 27, 2005, 04:28:11 am »
FireHOL looks good as well: nice and simple. I saw it on the command-line grml live CD.

Gemini Order: #95 (roughly)
Current Device: Samsung Chromebook Gen 3
Current Arm Devices Count: ~30
Looking to acquire: Cavium Thunder X2 Hardware