Step One - Installing firehol
Installing firehol is quite easy, as it is in the official repositories. Just open a terminal and do a
sudo aptitude install firehol
and you're all ready. Don't close your terminal, because we will need it some more.
Step Two - Setting firehol up
We have to edit two files. First, we have to enable firehol. Open and edit the file /etc/default/firehol, e.g. with VIM:
sudo vim /etc/default/firehol
Change the first line from
to
save and exit (in VIM, hit [ESC] and then ':wq').
Then we have to define the Firewall rules themselves:
sudo vim /etc/firehol/firehol.conf
Paste this part into the file:
version 5
# Accept all client traffic on any interface
interface any internet
    protection strong
    server "icmp ping ICMP ssh" accept
    client all accept
This filters all incoming connections that are not related to SSH or ICMP. If you want to be less polite, you can drop them by adding
after 'protection strong'.
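To check what a firehol.conf actually exposes before starting the firewall, this added example (not part of the original how-to) lists the inbound services each interface accepts and flags any that are not on an allow-list. The function names, the case-insensitive service comparison and the temporary sample file are assumptions of this example; the sample is the configuration shown above.

```sh
# Print "interface:service" for every inbound service a firehol.conf accepts.
firehol_inbound() {
    awk '
    {
        sub(/#.*/, "")                          # drop comments
        while (match($0, /"[^"]*"/)) {          # "a b c" -> a,b,c (one field)
            q = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/[ \t]+/, ",", q)
            $0 = substr($0, 1, RSTART - 1) q substr($0, RSTART + RLENGTH)
        }
    }
    $1 == "interface" { iface = $3 }            # interface <devices> <name>
    $1 == "server" && $3 == "accept" {          # server <services> <action>
        n = split(tolower($2), svc, ",")
        for (i = 1; i <= n; i++)
            if (svc[i] != "" && !seen[iface, svc[i]]++) print iface ":" svc[i]
    }
    ' "$1"
}

# Report accepted services missing from the allow-list in $2; return 1 if any.
firehol_unexpected() {
    allowed=" $2 "; rc=0
    for pair in $(firehol_inbound "$1"); do
        case "$allowed" in
            *" ${pair#*:} "*) ;;
            *) echo "unexpected inbound service: $pair"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the configuration from this how-to, written to a temp file.
sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
version 5
# Accept all client traffic on any interface
interface any internet
    protection strong
    server "icmp ping ICMP ssh" accept
    client all accept
EOF
    echo "$f"
}

demo=$(sample_conf)
firehol_inbound "$demo"
firehol_unexpected "$demo" "ssh icmp ping" && echo "only ssh and ICMP are exposed"
rm -f "$demo"
```

Point both functions at /etc/firehol/firehol.conf to audit the real file.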
Starting and Fixing firehol
To start firehol just enter
sudo /etc/init.d/firehol start
and DON'T panic if you get a rather long error message. That is related to a bug currently in Ubuntu. To fix it, just enter the following sequence of commands:
sudo sed 's/%q/%b/g' /lib/firehol/firehol > TMPFILE
sudo cp /lib/firehol/firehol /lib/firehol/firehol.backup
sudo mv TMPFILE /lib/firehol/firehol
# TMPFILE was created by your own user, so give the script back to root
sudo chown root:root /lib/firehol/firehol
sudo chmod 744 /lib/firehol/firehol
and now try it again:
sudo /etc/init.d/firehol start
And now your computer won't accept connections from the outside unless it's a ping request, traceroute or ssh.
Have fun!
Original: http://howtoforge.com/setting-up-an-iptables-firewall-with-firehol-on-ub...