building first iptables firewall ;)


nonz
05-12-2003, 07:55 PM
I need help/resources for building a very simple firewall to secure my Gentoo workstation.

So far all I can think of needing info on is how to (drop) all packets, except for ones that I request through programs that I'm running... such as, mozilla/konqueror, gaim, tribes2, quake3, ut2k3, irc clients... just common stuff.

If I could get a simple script set up, I could then read some documentation and then add more features... make this a learning process so that if I needed to allow ssh, telnet connections then I would know what to add to my script :D

Any help would be greatly appreciated. I think I'm not very good at googling :P

Bills_a_bub
05-12-2003, 09:57 PM
nonz,

Here's a good link to get you started.

http://www.linuxguruz.com/iptables/

If you really want to get technical, I highly recommend "Linux Firewalls" by Robert Ziegler on New Rider Press. Any potential question you have will be answered, especially since you don't google well. ;-)

nonz
05-12-2003, 10:29 PM
Would this be all I need?



to not respond to clients, if I happen to be running a server (trojan) or something:
/sbin/iptables -A INPUT -p tcp --syn -j DROP

then, to not respond to pings:
/sbin/iptables -A INPUT -p icmp -j DROP

nry
05-13-2003, 02:32 PM
You could always try my own how-to on iptables via my sig, if this isn't classed as spamming!

Just dropping everything is no good as it won't let stuff back into your machine/LAN. Check out my link as it saves me explaining again! Basically you can use a simple stateful firewall to allow connections back in providing you initiated the connection in the first place.
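
The stateful approach nry describes, as an added example that is not part of the original thread or of nry's how-to: a default-drop INPUT policy plus one connection-tracking rule that lets replies to your own traffic back in. The function name build_ruleset and its port arguments are assumptions made for this sketch; it only prints a ruleset in iptables-restore format, so nothing changes until you load it as root.

```shell
#!/bin/sh
# build_ruleset [tcp_port ...]
# Prints a stateful workstation ruleset for iptables-restore.
# Optional arguments are inbound TCP services to allow (e.g. 22 for ssh).
# Hypothetical helper written for this example.
build_ruleset() {
    # Validate every port before printing anything, so a bad argument
    # never yields a half-written ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*)
                echo "build_ruleset: bad port '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "build_ruleset: port out of range '$port'" >&2; return 1
        fi
    done

    echo '*filter'
    # Default policies: anything inbound that no rule accepts is dropped.
    # This covers TCP, UDP and ICMP alike, unlike a rule that drops only
    # TCP SYN packets.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Local programs talk to each other over loopback.
    echo '-A INPUT -i lo -j ACCEPT'
    # The stateful part: accept packets belonging to connections this host
    # started (ESTABLISHED) and related traffic such as ICMP errors
    # (RELATED). "-m state --state" is the older spelling of this match.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Inbound services, one rule per requested port, new connections only.
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port --syn -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Usage (as root):
#   build_ruleset | iptables-restore --test     # parse only, load nothing
#   build_ruleset 22 | iptables-restore         # load, allowing inbound ssh
```

Unsolicited pings are dropped by the default policy, so no separate ICMP rule is needed, while ICMP errors tied to your own connections still arrive through RELATED.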

nry