Debianhelp.co.uk


picoFIREWALL Configuration in Debian

What is picoFIREWALL?

A Linux Firewall for Debian, SuSE, and other Linux Distributions - Tested on Debian and SuSE Linux. picoFirewall protects your personal PC reliably and without configuration. picoFirewall protects your server reliably and with little configuration.

picoFIREWALL Features?

picoFIREWALL is a small (as the prefix 'pico' implies) firewall based on netfilter (the packet-filtering part of the Linux kernel) and iptables (the user interface).
It is set up as a stateful firewall, meaning that it keeps track of its connections and thereby distinguishes packets that belong to an established connection from packets that are not associated with any connection from your PC.

picoFIREWALL was especially designed to serve three purposes: protect the machine very well, require little or no configuration, and strike a good balance between logging packets and keeping the log file small. A useful feature is rule-based logging: each entry in the log file lets you find the rule in picofirewall.conf that caused it. These rule-based comments also appear in the log file analysis program picoFIRESCAN.
The principle followed was a 'drop all packets' philosophy: drop everything first, then allow the needed packets step by step. This concept seemed safer to me than the other way round (first allow everything, then make restrictions).

It does a good job of securing machines that are directly connected to the internet (via ADSL, TV cable, modem, or otherwise). If you have more than one ethernet interface, the one pointing to the internet will be protected; the other interfaces will be allowed full inbound and outbound traffic.
This firewall lets you run VMware on this machine if you are running it in NAT mode and want to connect to your host system.

Picofirewall is intended to protect your machine against unauthorized packets arriving from the internet. In addition, you should make sure that no services are running on your Linux system that are not really necessary. If you do have such services running, allow only those you trust to use them.
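
The behaviour described in this section (drop by default, accept replies to connections the machine itself opened, leave the other interfaces unfiltered, tag log entries per rule), sketched as an added example that is not picoFIREWALL's own rule set or configuration format. The interface name, the service ports and the R01/R99 log-prefix scheme are assumptions; the function only prints an iptables-restore ruleset and changes nothing on the system.

```shell
#!/bin/sh
# build_ruleset IFACE "PORTS": print an iptables-restore ruleset on stdout.
#   IFACE  interface facing the internet (assumed name such as eth0)
#   PORTS  space-separated TCP ports of services you run (may be empty)
# The rule IDs (R01.., R99) are a naming scheme made up for this example.
build_ruleset() {
    iface=$1
    ports=${2:-}
    # Reject anything that could smuggle extra options into a rule line.
    case $iface in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    # Validate every port first so a typo never yields half a ruleset.
    for p in $ports; do
        case $p in
            *[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] ||
            { echo "bad port: $p" >&2; return 1; }
    done

    echo "*filter"
    echo ":INPUT DROP [0:0]"       # drop everything by default ...
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"    # simplification: outbound is not filtered
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT ! -i $iface -j ACCEPT"   # other interfaces: full traffic
    # ... then allow replies to connections this machine opened (stateful)
    echo "-A INPUT -i $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    n=1
    for p in $ports; do
        id=$(printf 'R%02d' "$n")
        new="-A INPUT -i $iface -p tcp --dport $p -m conntrack --ctstate NEW"
        echo "$new -j LOG --log-prefix \"$id-ACCEPT-tcp$p: \""
        echo "$new -j ACCEPT"
        n=$((n + 1))
    done
    # Whatever is left hits the DROP policy; log it, rate-limited, with an ID.
    echo "-A INPUT -i $iface -m limit --limit 6/min -j LOG --log-prefix \"R99-DROP: \""
    echo "COMMIT"
}

# When run as a script: sh ruleset.sh eth0 "22 80"
if [ $# -gt 0 ]; then build_ruleset "$1" "${2:-}"; fi
```

Piping the output into `iptables-restore --test` as root parses the ruleset without loading it.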

Download picoFIREWALL

Source

http://www.seismo.ethz.ch/linux/downloads/picofirewall.tar.gz

For Debian Users

Add the following line in your /etc/apt/sources.list

deb http://debian.seismo.ethz.ch sarge ethz_sed

Installing picoFIREWALL in Debian

You need to add the above source line to your /etc/apt/sources.list file and then run the following commands:

#apt-get update

You should first stop any existing firewall you already have running

#apt-get install picofirewall

That's it. This will install picofirewall in Debian.

Documentation is available in /usr/share/doc/picofirewall

picoFIREWALL Configuration in Debian

Typically, picoFirewall needs no configuration. The default configuration file is located at /etc/picofirewall/picofirewall.conf. If you run a web, DNS, DHCP, or mail server, modify the file /etc/picofirewall/picofirewall.conf.

Note:- Attention Debian users

In early 2004 it was found that the kernel did not properly log the firewall results; this problem has apparently been solved now. Should you experience this behaviour, proceed as follows:

Modify the file /etc/init.d/klogd

Instead of KLOGD="" it should read: KLOGD="-c 1"

This is necessary in order to have the firewall logging

Then enter: # /etc/init.d/klogd restart

If you want to know more about configuration click here

Starting and stopping picofirewall

For starting

#/etc/init.d/picofirewall start

For stopping

#/etc/init.d/picofirewall stop

picoFIRESCAN

In order to have a nice view of the entries in the log file, I recommend also installing picoFIRESCAN. picoFIRESCAN analyses the entries in the log file of picoFIREWALL and creates HTML pages that give a quick overview of what happened to incoming and outgoing packets.

If you want to install picoFIRESCAN follow the instruction available here