$ whatis slackfire
SlackFire is an iptables script written especially for Slackware, my favourite Linux distribution in this corner of the Galaxy. The main purpose of the script is to protect a stand-alone machine or a small network with a stateful firewall. SlackFire isn’t perfect (yet) but have you seen a perfect iptables script?
Anyway, I hope that README and this screenshot will give an idea of how it works and how it doesn’t.

SlackFire may be freely used, modified, and distributed under the terms of the GNU General Public License with any Linux distribution except Caldera and those RedHat releases which are not legally available for free download.

Source: http://slackfire.berlios.de/
Came across a new little firewall script while searching www.linuxpackages.net called SlackFire. So I thought I would replace my old Slackware firewall with this one and test it out.

It’s pretty easy to set up: just install the package, then use slocate to find all the related scripts and directories it installed. You can basically edit one configuration file to get it up and running, but you can also edit a few more files that come with it in order to fine tune it. These are the basic steps I took.

# installpkg slackfire*.tgz
# slocate slackfire

You can edit the slackfire.conf file found in /etc/slackfire by following the built-in instructions and comments in the file. It offers a lot of options for logging and since I just love reading logs, I turned them all on. imafreak.
I just edited the file to protect my one exterior device, for my one desktop inside my LAN, even though you can set it up as a router device. I would suggest you read the README; you can find that here > http://slackfire.berlios.de/README

Then I started the firewall script, and went ahead and linked it to start every time I reboot.

# slackfire start
# ln -s /usr/sbin/slackfire /etc/rc.d/rc.firewall

Then I checked my syslog to see what was logged.

# grep Fired /var/log/syslog
A list of logged Fired entries can be found in the README.

All it showed was that the slackfire script started. So I tried to go to the internet… nothing. Checked the syslog again, and it showed a denied connection to my internal gateway IP address, which is a private 192.168… address.
If you read the README you know there’s a file that comes with the script called blocked_host, found in /etc/slackfire/blocked_host, that blocks all connections to private address pools. Well, duh, I use private IPs within my LAN. So I had to edit that file to allow connections to at least the internal IP of my gateway. After that was done I was able to access the internet and everything else through my gateway.
Then for fine tuning I went ahead and deleted the /etc/int & /etc/fwd directories, because I’m only protecting one network device. And added some trojan ports from kammouflage’s post > http://www.networksecuritytech.com/viewtopic.php?t=3808 to the /etc/trojan_ports file. That’s really all I’ve done so far. I’ll prolly set up a simple script to pull the related logs from syslog to a more secure location for good practice, since that’s the first place hackers target when screwing around.

The other tool included is sf4sf, another syslog viewer. Usage examples:

# tail -f /var/log/syslog | sf4sf
# grep Fired /var/log/syslog | sf4sf | more
# grep Trojan /var/log/syslog | sf4sf | more

You can also edit and customize this tool’s usage in /etc/sbin/sf4sf.
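The log-archiving script mentioned above, written out as an added example (it is not part of SlackFire or of the original post): it pulls the Fired and Trojan entries out of syslog into a separate file that only root can read, and on each run appends only the lines it has not already archived, so the firewall record survives if the main syslog is truncated or edited. The archive path, the syslog line layout used in the demo and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of SlackFire: archive the SlackFire-tagged syslog
# entries ("Fired" and "Trojan", the tags the post greps for) into a separate
# file that only root can read, so the firewall record survives if
# /var/log/syslog is truncated or edited. The archive path, the syslog line
# layout in the demo and the sample addresses are assumptions for this example.

# sf_entries FILE: print only the SlackFire-tagged lines of FILE.
sf_entries() {
    grep -E 'Fired|Trojan' "$1" || true    # grep exits 1 on no match; not an error here
}

# archive_sf_logs SRC DST: append the tagged lines of SRC that DST does not
# already hold, keep DST at mode 0600, and print how many lines were added.
archive_sf_logs() {
    src="$1"; dst="$2"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # Create the archive under a restrictive umask so it is never world-readable,
    # even briefly; the chmod afterwards also tightens a pre-existing file.
    [ -f "$dst" ] || ( umask 077; : > "$dst" ) || return 1
    chmod 600 "$dst" || return 1
    # -F -x: each archived line is a fixed-string, whole-line pattern;
    # -v drops input lines already present. An empty DST matches nothing,
    # so every tagged line passes on the first run.
    new="$(sf_entries "$src" | grep -F -x -v -f "$dst" || true)"
    if [ -n "$new" ]; then
        printf '%s\n' "$new" >> "$dst"
        printf '%s\n' "$new" | wc -l | tr -d ' '
    else
        echo 0
    fi
}

# Demo on constructed data (runs as any user; uses a temporary directory).
tmp="$(mktemp -d)"
cat > "$tmp/syslog" <<'EOF'
Mar  3 10:15:01 slack kernel: Fired IN=eth0 SRC=203.0.113.5 DST=192.168.1.2 PROTO=TCP DPT=22
Mar  3 10:15:02 slack CROND[411]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:15:03 slack kernel: Trojan IN=eth0 SRC=198.51.100.9 DST=192.168.1.2 PROTO=TCP DPT=1234
EOF
archive_sf_logs "$tmp/syslog" "$tmp/slackfire.log"    # prints 2
archive_sf_logs "$tmp/syslog" "$tmp/slackfire.log"    # prints 0: nothing new since the last run
rm -rf "$tmp"
```

On a real box you would point the first argument at /var/log/syslog, the second at a directory only root can enter, and run it from cron; because it appends only unseen lines, it is safe to run as often as you like, and the line count it prints doubles as a cheap "anything new?" signal.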