> You may wish to look at the firewall package that's at
> http://bluequartz.ixc.co.uk/ I wrote this a while back and had some good
> feedback from people on the list. The Gui is simple and allows blacklist and
> port restrictions to be loaded into iptables. It just needs wrapping up as a
> package, I believe it will suit a lot of users who are using the host
> edition and with a bit of work those who are looking at workgroup uses.
I've had this installed on a 2.5 box for a few months now, works very well. I did
however have to install more stuff via CPAN to get some of the listed CPAN modules
working. I also made a slight mod or two, my install notes (a modded, shortened version
of Leigh's - nice piece of work btw Leigh, thx):
-----
### CPAN - Answer yes to all dependencies ###
perl -MCPAN -e 'install Bundle::CPAN'
perl -MCPAN -e "install('Test::Pod')"
perl -MCPAN -e "install('Pod::Coverage')"
perl -MCPAN -e 'install NetAddr::IP'
perl -MCPAN -e 'install Proc::Daemon'
perl -MCPAN -e 'install Proc::PID::File'
### FIREWALL ###
cd /home/workspace/ ; wget http://bluequartz.ixc.co.uk/firewall.tgz
tar -zxvf firewall.tgz
cd src
# GUI menu entry and page
cp lists.xml /usr/sausalito/ui/menu/base/lists.xml
mkdir /usr/sausalito/ui/web/base/firewall
cp firewall.php /usr/sausalito/ui/web/base/firewall
# list files the GUI writes and the rules read; owned by the web server user
mkdir /home/firewall
touch /home/firewall/blacklist
touch /home/firewall/whitelist
touch /home/firewall/ports
touch /home/firewall/udp
touch /home/firewall/ftp
cp rules /home/firewall
chown -R apache:apache /home/firewall
chmod -R 700 /home/firewall
# rule loader and monitor daemon
cp iptables.sh /usr/bin/
chmod 755 /usr/bin/iptables.sh
cp monitor2.pl /usr/bin/
chmod 755 /usr/bin/monitor2.pl
# keep a backup of the stock hourly cron job before replacing it
cp /etc/cron.hourly/log_traffic /home/workspace/backups/sysfiles/
cp log_traffic /etc/cron.hourly/log_traffic
nano -w /etc/cron.hourly/log_traffic
## send iptables.sh output to ">/dev/null 2>&1" or it will email you every hour ##
## mod DNS rules section, add in+out TCP to allow polls ##
/etc/init.d/iptables restart
/usr/bin/monitor2.pl
# Setup in GUI (113, 143)
-----
It may be of help to have 143 as a check box for IMAP? 113 I added for oidentd, but it's
safe to say not many folks would run this on a hosting box. I just opened port 53 in and
out in iptables.sh to get polling working (adding via the GUI did not work; I imagine some
conflict with hard-coded values). Not essential, but a failure on DNSreport otherwise.
People should not just follow my above notes blindly - please follow the author's
original instructions and learn as you go: http://bluequartz.ixc.co.uk/
Kindest
Brett
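As an added example, not part of Brett's notes and not Leigh's iptables.sh: a small POSIX shell script that turns the list files kept under /home/firewall (blacklist, whitelist, ports, udp) into an iptables-restore ruleset, including the DNS in/out rules mentioned above. The one-entry-per-line file format and the chain policies are assumptions; because the web GUI writes those files, each entry is validated before it is placed in a rule.

```shell
#!/bin/sh
# Added example (not the package's own iptables.sh). Builds a filter table
# for `iptables-restore` from one-entry-per-line list files (assumed format).

# entries FILE: print usable entries, dropping comments, blank lines and any
# line with characters outside the allowed set (digits, '.', '/'), so a bad
# entry written through the GUI can never become part of a rule.
entries() {
    [ -f "$1" ] || return 0
    grep -v '^#' "$1" | grep -v '^[[:space:]]*$' | while read -r e; do
        case "$e" in
            *[!0-9./]*) echo "skipping invalid entry: $e" >&2 ;;
            *) echo "$e" ;;
        esac
    done
}

# gen_rules DIR: emit the ruleset on stdout. Whitelist is checked before the
# blacklist; DNS (53) is open in and out over TCP and UDP, as in Brett's hand
# edit; OUTPUT defaults to ACCEPT so only INPUT needs per-port rules.
gen_rules() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for ip in $(entries "$1/whitelist"); do echo "-A INPUT -s $ip -j ACCEPT"; done
    for ip in $(entries "$1/blacklist"); do echo "-A INPUT -s $ip -j DROP"; done
    for p in tcp udp; do echo "-A INPUT -p $p --dport 53 -j ACCEPT"; done
    for port in $(entries "$1/ports"); do echo "-A INPUT -p tcp --dport $port -j ACCEPT"; done
    for port in $(entries "$1/udp"); do echo "-A INPUT -p udp --dport $port -j ACCEPT"; done
    echo 'COMMIT'
}

# make_sample_dir: constructed list files for an offline run; prints the path.
# The third blacklist line is deliberately malformed to show the validation.
make_sample_dir() {
    d=$(mktemp -d)
    printf '198.51.100.7\n' > "$d/whitelist"
    printf '# abusive hosts\n192.0.2.0/24\nnot-an-ip\n' > "$d/blacklist"
    printf '22\n80\n443\n' > "$d/ports"
    printf '123\n' > "$d/udp"
    echo "$d"
}

# Usage on a real box (as root, after reviewing the output):
#   gen_rules /home/firewall | iptables-restore
if [ "${1:-}" = "--demo" ]; then gen_rules "$(make_sample_dir)"; fi
```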