First of all, firehol is a very powerful application. It takes a simple configuration language and turns
it into a set of restrictive iptables rules. It also includes protection from SYN floods, port scans,
and other anomalies. Firehol is very easy to configure, and you will be up and running
with a secured machine in no time.
Please let me know if I have made any mistakes, since this is my first HOWTO:
1.) Install it with "apt-get install firehol".
Find your network interfaces with "ip link show" and note their names: you will
have to add them to your firehol configuration, or you will not be able to connect to
the internet.
2.) Enable firehol in /etc/default/firehol by setting:
START_FIREHOL=YES
3.) Firehol uses names for services such as ssh, scp and http, as you would normally recognize them. Edit /etc/firehol/firehol.conf with gedit or nano.
My Firehol.conf:
version 5
# Version of the firehol configuration language this file is written for (5 is the FireHOL 1.x language)
interface "ath0 wlan0" INTERNET
# These are my internet interfaces; every interface that carries traffic must be listed here
protection strong 10/sec 10
# Protection from ICMP floods, SYN floods, fragments, invalid packets etc.; 10 packets/sec with a burst of 10 is the rate limit
server "upnp samba netbios_dgm netbios_ns netbios_ssn" accept
# "server" entries accept incoming connections to services running on this machine
client "upnp dns http ssh dhcp whois https time rdp vnc ntp netbios_dgm netbios_ns netbios_ssn emule irc pop3 smtp" accept
# "client" entries accept outgoing connections from this machine
client custom mswins tcp/445 default accept
# My own custom client service: server port tcp/445, any ("default") client port
server custom mswins tcp/445 default accept
# My own custom server service (firehol's built-in samba service already includes tcp/445 as microsoft_ds, so these two lines are redundant but harmless)
server custom netbios udp/30000:40000 137 accept
# Custom server service: UDP to ports 30000-40000 on this machine, coming from client port 137
policy deny
# This is important: traffic on these interfaces that is not matched by the rules above is dropped
UNMATCHED_INPUT_POLICY="DROP"
# Incoming packets that do not match any interface definition at all are dropped too
UNMATCHED_OUTPUT_POLICY="DROP"
# Same for outgoing packets that do not match any interface definition
FIREHOL_LOG_LEVEL=4
# Log dropped packets (syslog level 4 = warning) for security, or to find out what holes are left in your firewall
Ok.. we are almost there..
In a console type "firehol try". If there are any errors it will tell you; otherwise the new rules are activated and you are asked to confirm, so type "commit" to keep them. If you do not commit within the timeout, firehol restores the previous rules, which is what makes "try" the safe way to change the firewall on a machine you reach over ssh.
If you have any problems, "firehol stop" removes all firehol entries from iptables, and "firehol debug" prints exactly the iptables commands firehol would run for your configuration.
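The interface check from step 1, as an added example (this is not code from the HOWTO or from the firehol project): it parses "ip link show" output into a firehol "interface" line and then reports any interface that a firehol.conf does not cover, which is the mistake that locks you out of the internet. The "ip link show" output and the firehol.conf fragment are constructed samples; the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO. Parses `ip link show` output
# and cross-checks it against a firehol.conf so that no interface is forgotten.

# Constructed sample of `ip link show` output (not captured from a real host).
SAMPLE_IP_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
    link/ether 66:77:88:99:aa:bb brd ff:ff:ff:ff:ff:ff
4: ath0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
    link/ether cc:dd:ee:ff:00:11 brd ff:ff:ff:ff:ff:ff'

# Constructed firehol.conf fragment, using the interface line from the HOWTO above.
SAMPLE_CONF='version 5
interface "ath0 wlan0" INTERNET
protection strong 10/sec 10
server ssh accept
policy deny'

# Every non-loopback interface name from `ip link show` output on stdin, one per
# line. Interfaces that are DOWN are included on purpose: firehol builds rules for
# the names it is given, and an interface that comes up later must already be covered.
list_interfaces() {
    awk -F': ' '/^[0-9]+: / && $2 != "lo" { sub(/@.*/, "", $2); print $2 }'
}

# Turn the interface list on stdin into a firehol `interface` line.
firehol_interface_line() {
    names=$(list_interfaces | tr '\n' ' ' | sed 's/ $//')
    printf 'interface "%s" INTERNET\n' "$names"
}

# Interface names already covered by the `interface` lines of config file $1
# (handles both `interface eth0 name` and `interface "eth0 eth1" name`).
configured_interfaces() {
    awk '$1 == "interface" {
        line = $0
        sub(/^[ \t]*interface[ \t]+/, "", line)
        if (substr(line, 1, 1) == "\"") { names = substr(line, 2); sub(/".*/, "", names) }
        else { split(line, a, /[ \t]+/); names = a[1] }
        n = split(names, w, /[ \t]+/)
        for (i = 1; i <= n; i++) if (w[i] != "") print w[i]
    }' "$1"
}

# Names from stdin that no `interface` line in config file $1 mentions.
uncovered_interfaces() {
    configured=" $(configured_interfaces "$1" | tr '\n' ' ')"
    while read -r ifname; do
        [ -n "$ifname" ] || continue
        case "$configured" in
            *" $ifname "*) ;;
            *) echo "$ifname" ;;
        esac
    done
}

# Demo on the constructed samples: on a real host pipe `ip link show` into
# list_interfaces and pass /etc/firehol/firehol.conf to uncovered_interfaces.
demo_conf="${TMPDIR:-/tmp}/firehol-demo.conf"
printf '%s\n' "$SAMPLE_CONF" > "$demo_conf"
printf '%s\n' "$SAMPLE_IP_LINK" | firehol_interface_line
printf 'Not covered by %s: %s\n' "$demo_conf" \
    "$(printf '%s\n' "$SAMPLE_IP_LINK" | list_interfaces | uncovered_interfaces "$demo_conf")"
rm -f "$demo_conf"
```

With the sample above the script reports eth0 as not covered, because the HOWTO's config only names ath0 and wlan0. Whether a forgotten interface should be added to the INTERNET group or get its own "interface" block with a different policy is a decision for you, not the script.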
I really like firehol compared to GUI firewalls like firestarter and guarddog. You can do exactly what you want with firehol. If you tail -f /var/log/messages you can see that firehol will show you any irregular connections and dropped connections. This is important to watch so you can see people probing your box, and combined with something like snort and/or psad you have great analysis and protection for your box!
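Watching the log for probes, as an added example that is not part of the original HOWTO: the script below parses dropped-packet lines of the kind firehol's LOG rules write to syslog and summarises who is probing the box and which ports they try. The sample lines are constructed; the "IN-INTERNET:" and "OUT-INTERNET:" prefixes are an assumption about firehol's log prefix (built from the interface name in the config above) and are not relied on, because the parser keys only on the IN=, OUT=, SRC=, PROTO= and DPT= fields that iptables LOG output always carries. The function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO: summarise firehol's dropped-packet
# log lines to see who is probing the box and which ports they try.

# Constructed sample log lines. The "IN-INTERNET:" / "OUT-INTERNET:" prefix is an
# assumption; everything after it is the standard iptables LOG field format.
SAMPLE_LOG='Mar  3 10:01:02 host kernel: IN-INTERNET:DROP IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:01:03 host kernel: IN-INTERNET:DROP IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44322 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:01:04 host kernel: IN-INTERNET:DROP IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44323 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:01:05 host kernel: IN-INTERNET:DROP IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.20 DST=192.168.1.10 LEN=78 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=53 DPT=1025 LEN=58
Mar  3 10:01:09 host kernel: OUT-INTERNET:DROP IN= OUT=wlan0 SRC=192.168.1.10 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=51000 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:01:10 host sshd[1234]: Accepted publickey for user from 192.168.1.5 port 50000 ssh2'

# "count source" for every logged packet on stdin, busiest source first.
# Only kernel lines carrying SRC= and DPT= are firewall events; other syslog noise is skipped.
drops_by_source() {
    awk '/ kernel: / && / SRC=/ && / DPT=/ {
            for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) n[substr($i, 5)]++
        }
        END { for (s in n) print n[s], s }' | sort -rn
}

# Inbound drops only (IN= names an interface, OUT= is empty): "count proto/dport".
inbound_probed_ports() {
    awk '/ kernel: / && / IN=[^ ]/ && / OUT= / && / DPT=/ {
            proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/) proto = tolower(substr($i, 7))
                if ($i ~ /^DPT=/)   dpt = substr($i, 5)
            }
            if (proto != "" && dpt != "") n[proto "/" dpt]++
        }
        END { for (k in n) print n[k], k }' | sort -rn
}

# The single source with the most dropped packets.
top_source() {
    drops_by_source | head -n 1 | awk '{ print $2 }'
}

# Inbound sources that hit at least $1 distinct destination ports (default 3):
# one host walking several closed ports is the simplest port-scan signal.
scanning_sources() {
    awk -v limit="${1:-3}" '/ kernel: / && / IN=[^ ]/ && / OUT= / && / DPT=/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt != "" && !seen[src, dpt]++) ports[src]++
        }
        END { for (s in ports) if (ports[s] >= limit) print s, ports[s] }'
}

# Demo on the constructed sample. On a real host feed the functions from the log
# file instead, e.g. `drops_by_source < /var/log/messages`.
printf '%s\n' "$SAMPLE_LOG" | drops_by_source
printf '%s\n' "$SAMPLE_LOG" | inbound_probed_ports
printf '%s\n' "$SAMPLE_LOG" | scanning_sources 3
```

On the sample, 203.0.113.7 comes out on top with three drops against tcp/22, tcp/23 and tcp/445, and is the only host the scan heuristic flags; the outbound drop from the box itself (tcp/6667, an irc connection the config above would have allowed but the sample denies) is counted by drops_by_source but excluded from the inbound views. On Ubuntu the same kernel log lines usually also land in /var/log/syslog and /var/log/kern.log, so use whichever file your syslog configuration writes to.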
Please remove the comments I added to the configuration; they were just for informational purposes.
For a list of the services firehol supports, please go to: http://firehol.sourceforge.net/services.html
In just a few minutes you can have a very secure firewall up and running.
...Phew!
Any questions about firehol, please message me or go to the main firehol site.