CONFIGURATION of picoFIREWALL                                      13Jul2006/uk


1. Basic configuration

Basic configuration of picoFIREWALL is done after the installation in the file
/etc/picofirewall/picofirewall.conf - there, you will often have to set just
the name of the network interface. The very few other things you may want to
configure are explained in that file.
The next sections are only useful if you want to fine-tune picoFIREWALL:
letting other machines access your machine, or further limiting the logging of
packets arriving at your machine.

2. Opening your firewall for selected machines and opening ports

picoFIREWALL is also designed around a safe strategy: the default policy is to
drop all packets and then to accept only what is needed. If you have 'trusted
machines' or want to completely open some ports, you may do this by using the
two configuration files open_log.cfg and open_nolog.cfg in the directory
/etc/picofirewall .

open_log.cfg    Here you may enter the IP addresses of machines which you trust.
                You may either allow full access or you may restrict access
                to certain protocols and ports. It is also possible to
                completely open ports for any remote machine.
                The details are given directly in the file open_log.cfg .
                If you have an ADSL router between your machine and the
                internet, you should enter its IP address here, especially
                if you are doing automated telnet operations with the device.
                Should you be on a private network with access to the internet
                through a router, you should enter the IP addresses of the
                trusted machines within your private net here.
                Whatever you allow in this file will be minimally logged, so
                you keep an overview of what is happening (especially if you
                also install 'picofirescan').

open_extra_log.cfg Treated by picoFIREWALL in the same way as open_log.cfg,
                   but typically used for temporarily opening the
                   firewall for one or several hosts.

open_nolog.cfg  Basically the same as open_log.cfg , but packets allowed
                in this file are not logged. Be careful with this! If you
                allow anything here, you won't see in the log file what is
                going on; I do not recommend making any entries here.


3. Logging less than the default

picoFIREWALL is designed to log packets arriving at your machine thoroughly,
while keeping a balance so that your log file does not overflow - not even in
the case of a port scan! If you want to log less, you may do this by using the
two configuration files noise_log.cfg and noise_nolog.cfg in the directory
/etc/picofirewall .

Some machines really send lots of packets during the day. picoFIREWALL
protects you quite well against these, but if you find it annoying to have the
same type of packets again and again from the same machine in your log file,
then you may further limit the logging of such 'noisy' machines (often Windows
or Mac machines) which send 'noise' to your machine just too frequently.

noise_log.cfg   Here you may enter the IP addresses of machines which send lots
                of packets (which are dropped, but appear in the log file).
                Such packets are then logged only once a day - so you still
                have some overview of what's going on.
                The details are given directly in the file noise_log.cfg .

noise_nolog.cfg If you have identified sources which send packets to your
                machine that are dropped and of absolutely no interest to you,
                their IP addresses can be entered here.
                Such packets will be dropped and not logged at all. There are
                a few suggestions from me in this configuration file.


4. The format used in the four fine-tuning configuration files

In the four *.cfg files the user may configure which packets from remote
machines are accepted, or - in the case of 'noisy' machines which fill your
log files - dropped and logged less often.
The same notation is used in all these files, and a definition can be written
in three different variations:

IPnumber                     # any packet FROM IPnumber
IPnumber,protocol,port       # packets FROM IPnumber via 'protocol' TO our port
IPnumber,protocol,port:port  # packets FROM IPnumber TO a range of our ports

Example:

                                           +----------------+
   +--------------+             destination|+--------------+|
   |  IP number   |                    port|| Your machine ||
   |  of a remote |------->--------------->|| with the     ||
   |  machine     |    protocol            || firewall     ||
   +--------------+                        |+--------------+|
    111.222.111.222      tcp             22+----------------+



111.222.111.222,tcp,22 # packets from 111.222.111.222 sent via tcp to port 22

A line as above in one of the four fine-tuning configuration files *.cfg will
refer to packets from the machine with the IP number 111.222.111.222, sent with
the protocol 'tcp' to the destination port '22' on your machine.

If this line appears in the file open_log.cfg , then such packets will be
accepted and logged. If this line appears in the file noise_log.cfg , then
such packets will be dropped and logged.
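To make the three variations concrete, here is an added illustration (it is not
picoFIREWALL's own code) that turns one line of a fine-tuning *.cfg file into
the iptables arguments it corresponds to, and refuses malformed lines instead of
silently skipping them. It assumes the rules land in the INPUT chain, that the
caller passes the target (ACCEPT for the open_*.cfg files, DROP for the
noise_*.cfg files), and it does not model the once-a-day logging of
noise_log.cfg; the sample file and the address 192.0.2.1 are constructed.

```shell
#!/bin/sh
# Added illustration, not part of picoFIREWALL: map *.cfg lines to iptables
# arguments. Assumed: INPUT chain; TARGET chosen by the caller; the once-a-day
# logging of noise_log.cfg is not modelled here.

# cfg_to_rule TARGET LINE
# Prints the iptables arguments for LINE, nothing for blank or comment lines.
# Returns 1 on a malformed line so a caller can stop before loading anything.
cfg_to_rule() {
    target=$1
    line=${2%%#*}                                 # drop a trailing '# comment'
    line=$(printf '%s' "$line" | tr -d ' \t')     # and any whitespace
    [ -n "$line" ] || return 0                    # nothing to do on this line

    oldifs=$IFS; IFS=,; set -f; set -- $line; set +f; IFS=$oldifs
    ip=$1; proto=$2; port=$3

    case $# in
    1)  # IPnumber: any packet from that machine
        printf '%s\n' "-A INPUT -s $ip -j $target" ;;
    3)  # IPnumber,protocol,port  or  IPnumber,protocol,port:port
        [ -n "$proto" ] || { echo "missing protocol in: $2" >&2; return 1; }
        case $port in
        ''|*[!0-9:]*|:*|*:|*:*:*)
            echo "bad port spec '$port' in: $2" >&2; return 1 ;;
        esac
        printf '%s\n' "-A INPUT -s $ip -p $proto --dport $port -j $target" ;;
    *)  echo "malformed entry: $2" >&2; return 1 ;;
    esac
}

# cfg_file_to_rules TARGET FILE
# Converts every line of FILE and fails on the first malformed line, so that
# one typo cannot open (or silence) more than you intended.
cfg_file_to_rules() {
    while IFS= read -r l || [ -n "$l" ]; do
        cfg_to_rule "$1" "$l" || return 1
    done < "$2"
}

# Demo on a constructed open_log.cfg written to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# trusted ADSL router (constructed example address)
192.0.2.1
111.222.111.222,tcp,22          # ssh from one remote machine
111.222.111.222,udp,5000:5010   # a range of our ports
EOF
cfg_file_to_rules ACCEPT "$sample"
rm -f "$sample"
```

The port check rejects empty ports, non-digits, a leading or trailing colon and
more than one range separator; anything else is passed through unchanged, since
'port:port' is exactly the range syntax iptables expects after --dport.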


5. Using picoFirewall and other iptables commands

Should you want to execute additional iptables commands for your own purposes,
you may create an executable file /etc/picofirewall/commands_after_start.sh,
which will be executed after picoFirewall has been started.
Similarly, if you want to execute iptables commands after picoFirewall has been
stopped, create an executable file /etc/picofirewall/commands_after_stop.sh,
which will be executed after picoFirewall has been stopped.
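An added example of such a hook (not shipped with picoFIREWALL): one file that
can be installed as commands_after_start.sh and, via a copy or symlink, as
commands_after_stop.sh. The start hook appends its extra rules with -A, the
stop hook deletes exactly the same rules with -D, so nothing is left behind.
The two rules (a printer at 192.0.2.10 reaching TCP port 631, the 192.0.2.0/24
net reaching UDP port 123) are constructed assumptions, as is the idea that
picoFIREWALL's stop may already have flushed the rules, which is why a failed
-D is tolerated. If the rule set cannot be read (no iptables, not root) the
hook only prints what it would do.

```shell
#!/bin/sh
# Added example of /etc/picofirewall/commands_after_start.sh, not part of
# picoFIREWALL. Acts as the start hook (-A) or, when invoked under the name
# commands_after_stop.sh, as the stop hook (-D) for the very same rules.
# The addresses and ports below are constructed assumptions.

# extra_rules: one rule specification per line (without -A/-D).
extra_rules() {
    printf '%s\n' \
        'INPUT -s 192.0.2.10 -p tcp --dport 631 -j ACCEPT' \
        'INPUT -s 192.0.2.0/24 -p udp --dport 123 -j ACCEPT'
}

# rule_commands ACTION: full argument list per rule, ACTION is -A or -D.
# Kept separate from execution so it can be inspected without touching
# the live rule set.
rule_commands() {
    extra_rules | while IFS= read -r spec; do
        printf '%s %s\n' "$1" "$spec"
    done
}

# run_hook ACTION IPTABLES: execute every rule with the given command.
run_hook() {
    rule_commands "$1" | while IFS= read -r args; do
        # Deleting a rule that is already gone is harmless on stop (-D);
        # any other failure aborts the hook so the problem is noticed.
        # shellcheck disable=SC2086  (word splitting of $args is intended)
        "$2" $args || [ "$1" = -D ] || exit 1
    done
}

# Choose the action from the name this file was invoked as.
case ${0##*/} in
    commands_after_stop.sh) action=-D ;;
    *)                      action=-A ;;
esac

IPTABLES=${IPTABLES:-/sbin/iptables}
# Only touch the firewall when we can actually read its rule set;
# otherwise show what would be done (e.g. when testing as a normal user).
if "$IPTABLES" -L INPUT -n >/dev/null 2>&1; then
    run_hook "$action" "$IPTABLES"
else
    echo "cannot read the iptables rule set; dry run:" >&2
    run_hook "$action" echo
fi
```

Keeping the rule list in one place and deriving both hooks from it is the point:
whatever you append after start is exactly what gets removed after stop, so the
default-drop policy described in section 2 is not quietly extended by rules
that outlive the firewall.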

-.-