# Firewall question so basic it's sad [SOLVED]

## Steve S.

Hello all,

I'm loath to ask something so seemingly simple, but I couldn't find it in the handbook, searching the forums, etc.  Most assuredly, I'm looking in the wrong place, but would someone please help this simple noob out by answering his piddly question:

How do I set up a firewall with Gentoo?

I have looked through gnome, trying to find something under applications and the like that I missed, but I don't see anything obvious.

I want to set up SSH but don't want to if I can't have a simple firewall first.

Thanks for any info that you can give me.

Last edited by Steve S. on Tue Nov 22, 2005 7:58 pm; edited 1 time in total

----------

## BlakeJob

I've used shorewall as a software firewall in the past.

----------

## ecosta

Hi Steve,

No stupid questions here!

You have many apps to help you configure your firewall.  To find out which they are, the simplest would be to have a look at what is in "/usr/portage/net-firewall".  I use shorewall.  So if you want some basic info about it do:

```
# emerge --search shorewall
```

You will have to configure your kernel to support netfilter:

```
# cd /usr/src/linux

# make menuconfig
```

```
Symbol: NETFILTER [=y]
Prompt: Network packet filtering (replaces ipchains)
  Defined at net/Kconfig:62
  Depends on: NET
  Location:
    -> Networking
      -> Networking support (NET [=y])
        -> Networking options
```

As for enabling ssh, I don't think it's a great risk.  You would be far more secure to close any open ports than worry about a firewall.  Run netstat

```
netstat -vat
```

and check what ports are open and close all unneeded ones.  ssh is pretty safe!

Hope this helps

----------
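Added example, not part of ecosta's post: the netstat check described above, scripted so that only TCP listeners reachable from the network and missing from an allowlist are reported. The function name, the allowlist and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Reads `netstat -vatn` output on stdin; the ports you expect to be open are
# passed as arguments. Prints "port address" for every other network listener.
unexpected_listeners() {
    awk -v allowed=" $* " '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")            # port is the last ":" field
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            if (index(allowed, " " port " ")) next       # expected service
            print port, addr
        }'
}

# Constructed sample of `netstat -vatn` output (not taken from the thread).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.5:22          192.168.1.20:51234      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN'

# With only ssh expected, ports 10000 and 80 are reported; 631 and 25 are
# bound to loopback and are skipped.
printf '%s\n' "$SAMPLE" | unexpected_listeners 22
```

On a live system the input would be `netstat -vatn | unexpected_listeners 22`; each port it prints is a service to stop, rebind to loopback, or add to the allowlist deliberately.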

## rev138

If you're feeling n00bish, shorewall (and many other things) can be configured quite easily through Webmin, which is also in portage.

----------

## at240

Don't forget the Gentoo Wiki too---there's at least one 'iptables for noobs' article. Alternatively, if you want something really simple and user-friendly, check out firestarter.

----------

## Steve S.

Wow!  Unfortunately this may start a trend: since it is so easy to get great responses, I may simply have to ask more questions.  ;)

That being said, I checked in my /usr/portage/net-firewall and discovered that I have firestarter, shorewall and a variety of others.

The question now is, as told to a noob that is used to the gui world (myself), how does one go about setting one of these firewalls up?

----------

## magor

Check your kernel config and, if necessary, make menuconfig as described above, then just emerge firestarter/shorewall/whatever.

----------

## at240

Steve, if you're interested in firestarter, have a look at its documentation on its website: http://www.fs-security.com/

The documentation is very, very simple and clearly written. It might not be the most powerful or sophisticated firewall (I'm saying that because I really don't know about some of the alternatives), but it has a really easy graphical interface.

----------

## rev138

I'll repeat my recommendation for webmin. I think it's an excellent system administration tool for a newbie, since it lets you configure dozens of common programs through an easy web interface.

```
# emerge -av webmin
```

----------

## Steve S.

 *rev138 wrote:*   

> I'll repeat my recommendation for webmin. I think it's an excellent system administration tool for a newbie, since it lets you configure dozens of common programs through an easy web interface.
> 
> ```
> # emerge -av webmin
> ```
> ...

 

All right, rev138, I gave webmin a shot.  I emerged it as indicated, then even added the rc-update line to get it to start at startup.

The question is now, how do I run it?  Does it have a gui interface/icon that appears in gnome?  If so, how do I get it to appear?  How do I get to it?

----------

## rev138

 *Steve S. wrote:*   

> The question is now, how do I run it?  Does it have a gui interface/icon that appears in gnome?  If so, how do I get it to appear?  How do I get to it?

 

You can either reboot, and let the rc-script work its magic, or:

```
# /etc/init.d/webmin start
```

Then, open a web browser and go to http://localhost:10000

(10000 is the default webmin port. You can change this once you're logged in as root)

----------

## Steve S.

I had restarted and when I refreshed the forum page, it asked me whether or not to allow access.  Is this the magic you speak of?   ;)

So, it looks like it's doing its thing.

Any other firewall advice from the crew before I mark this solved?  Thanks again to everyone for the amazingly immediate response...very reassuring.

----------

## ecosta

I'd follow rev138 and install an easy graphical tool to configure your firewall.  It won't have all the hype but I'm sure it will keep you protected.  If your needs start outgrowing the GUI, then move to shorewall or pure iptables.

Best of luck.

Ed.

PS: Remember to start a rule stating that ssh has access or you'll lock yourself out of the box if rules are too restrictive  ;)

----------
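Added example, not part of the thread: a minimal host ruleset in plain iptables that follows the PS above by adding the ssh ACCEPT rule before the INPUT policy becomes DROP, plus a check for that ordering. The function names and the SSH_PORT variable are assumptions made for this sketch; it prints the commands as a dry run unless told to apply them.

```shell
#!/bin/sh
SSH_PORT="${SSH_PORT:-22}"   # assumption: sshd listens on the default port

# host_firewall            -> dry run, prints the iptables commands
# host_firewall iptables   -> applies them (needs root)
host_firewall() {
    ipt="${1:-echo iptables}"
    # Accept rules go in while the INPUT policy is still ACCEPT.
    $ipt -A INPUT -i lo -j ACCEPT     # loopback, e.g. http://localhost:10000
    $ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $ipt -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
    # Only now does the default for unmatched inbound traffic become DROP.
    $ipt -P INPUT DROP
    $ipt -P FORWARD DROP
    $ipt -P OUTPUT ACCEPT
}

# Reads a list of iptables commands on stdin and fails if the INPUT policy is
# set to DROP before (or without) an ACCEPT rule for the ssh port.
# It looks only at the chain policy, not at explicit "-j DROP" rules.
ssh_before_drop() {
    awk -v port="$SSH_PORT" '
        !ssh  && $0 ~ ("--dport " port " -j ACCEPT") { ssh = NR }
        !drop && /-P INPUT DROP/                      { drop = NR }
        END { exit ((drop && (!ssh || ssh > drop)) ? 1 : 0) }'
}

# Review the dry run, and refuse to bless an ordering that would cut off ssh.
if host_firewall | ssh_before_drop; then
    host_firewall
else
    echo "ruleset would drop ssh; not safe to apply remotely" >&2
fi
```

After reading the printed commands, run `host_firewall iptables` as root from a session you can afford to lose, or from the local console.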

