[wplug] ask for help
Alexandros Papadopoulos
apapadop at alumni.cmu.edu
Mon Feb 21 16:36:37 EST 2005
On Monday 21 February 2005 22:17, Steve Bierly wrote:
> I was hoping someone could help me learn how to set up
> a web site and a firewall. I am reading a few books
> and would like more help.
Well, you've made the proper start - reading up on it. Now, if you have
more specific issues (e.g. "how do I set up the apache web server on
Debian woody?") then we'll be glad to help.
A few very general pointers follow, although knowing more specific
information would help a lot (e.g. what distribution are you using,
what purposes will the machine serve - personal, family, community
etc).
+ To build a web site you need a web server. The prominent choice here
is Apache. On most distributions it comes pre-installed or available
for installation with a few clicks/commands. Generally you install
apache, start it, and then whatever you dump in the directory /var/www
(although that may vary from one distribution to the next) is served
via port 80 of your IP.
+ Firewalling is implemented using the "netfilter" system. The
command-line tool you use to configure netfilter is called "iptables".
There are numerous tutorials and firewall rulesets out there, but to
begin with, one needs to know the basic rule: Default deny, and then
allow what you need. An introduction can be found here:
http://www.justlinux.com/nhf/Security/IPtables_Basics.html
More information at http://www.netfilter.org
A basic script that allows people to talk to your machine only on port
80 would look like this:
#!/bin/bash
## Flush all rules
/sbin/iptables -F
## Delete all user-defined chains
/sbin/iptables -X
## Zero all counters
/sbin/iptables -Z
## Set default policy to DROP for incoming packets
/sbin/iptables -P INPUT DROP
## Accept everything incoming on loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
## Accept all incoming traffic from related or established connections
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
## Accept HTTP requests from everyone
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
## Log in /var/log/messages all dropped packets
/sbin/iptables -A INPUT -j LOG --log-prefix "iptables: INCOMING DROPPED:"
That should get you started.
-A
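
Added example, not part of the original message: once the LOG rule above is active, this script summarizes what the firewall dropped, keyed on the same log prefix. The function names are hypothetical and the sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: count packets logged by the rule that uses
# --log-prefix "iptables: INCOMING DROPPED:", grouped by source and target port.
PREFIX='iptables: INCOMING DROPPED:'

# Reads syslog lines on stdin; prints "count src proto dport", busiest first.
summarize_drops() {
    awk -v prefix="$PREFIX" '
        index($0, prefix) == 0 { next }        # line is not from our LOG rule
        {
            src = proto = "?"; dpt = "-"       # ICMP entries carry no DPT field
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            count[src " " proto " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample of /var/log/messages (documentation addresses only).
sample_log() {
cat <<'EOF'
Feb 21 16:40:01 web kernel: iptables: INCOMING DROPPED:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT=22 SYN
Feb 21 16:40:04 web kernel: iptables: INCOMING DROPPED:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=22 SYN
Feb 21 16:40:05 web kernel: iptables: INCOMING DROPPED:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=78 TTL=110 PROTO=UDP SPT=137 DPT=137
Feb 21 16:40:07 web kernel: iptables: INCOMING DROPPED:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0
Feb 21 16:41:00 web CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Demo on the sample; on a live box: summarize_drops < /var/log/messages
sample_log | summarize_drops
```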