Topic: Firewall Questions
The NetSecL firewall is a script not a GUI application, it stealths all ports and protects against many scans, has snort if you would like to use it as IDS. You basically would not have to do anything just let it run (which also happens by default in NetSecL), unless you need to allow some server application trough the firewall or set some IP that the script was unable to fetch. Options are in the script itself, open it in a text editor and say Y or N to turn on or off available options.
There is the archive release that is only for other distros. The firewall by itself is integrated in NetSecL. If you use the firewall in a different than NetSecL distro the script will be /etc/rc.d/rc.firewall and by the default in NetSecL this would be /etc/rc.d/rc.standart
Here are some Questions, Answers and Info about the firewall.
Q: I have a router what do I need to change?
A: If you have a router just open the script you use by default rc.standart and set BEHINDROUTER to Y then save. It should work just fine.
Q: Can somebody explain the differencies of the two version of the firewall script, the standard and the advanced one?
A: The difference is if you want to use snort, you will have to use the advanced firewall script - set it in rc.firewall, you will see a variable there, also in the snort configuration you have to set your network.
And here a more detailed list of the changes that need to be made to use snort:
1. etc/rc.d/rc.firewall set to Y the use of the advance script
NOTE: when you set this you will no longer use the standart script so this means any changes to the settings you made there, you will have to make to the rc.advanced script
2. In your /etc/snort_inline.conf. The default value of HOME_NET is [192.168.0.0/16] - you can change that to only your IP with a mask of 32 or with a lower mask to have your network.
and then all you have to do is restart or:
and then everything should be ok.
That's it for now .
I hope I'll have soon more questions to answer .