Linux firewall

Hi
I am using mandrake 8.2
I need to protect against atacks from the net
What is the best firewall for my case?
Is there some firewall that I can configure in X86 environment?

Thanks
maomortaAsked:
Who is Participating?
 
ahoffmannConnect With a Mentor Commented:
use iptables as firewall
There exist a GUI for it too: FWBuilder, and some others
AFAIK admins who whant to protect their site do not use GUIs, but realy know what they configure ;-)
0
 
maomortaAuthor Commented:
Hi
The program have a good interface but I have a problem
When I try to execute the shell script I receive the following error:

./test.fw
+ '[' -x /usr/bin/logger ']'
+ logger -p info 'Activating firewall script compaq.ottolini.pt.fw generated Fri May 31 01:27:34 2002 WET by fmmr'
+ modprobe ip_conntrack
/lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter/ip_conntrack.o.gz: init_module: Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
modprobe: insmod /lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter/ip_conntrack.o.gz failed
modprobe: insmod ip_conntrack failed
+ exit 1

Do you know how to correct it?
0
 
ahoffmannCommented:
I highly recommend to build the iptables into the kernel, and not use modules.
The erro seems to be as it says: busy (invalid parameters, etc).
0
 
ChungkuoCommented:
As root, list the modules you have currently loaded with lsmod. You should see something like this:

ipt_state                608   3  (autoclean)
ipt_MASQUERADE          1216   1  (autoclean)
ipt_LOG                 3104   7  (autoclean)
iptable_mangle          2144   0  (autoclean) (unused)
iptable_filter          1728   1  (autoclean)
iptable_nat            12756   1  [ipt_MASQUERADE]
ip_conntrack           12748   2  [ipt_state ipt_MASQUERADE iptable_nat]
ip_tables              10304   8  [ipt_state ipt_MASQUERADE ipt_LOG iptable_mangle iptable_filter iptable_nat]

These are the modules you need loaded for most iptables functions (if you want MAC filtering, you need to load ipt_mac as well).

Try loading the modules outside of the shell script using modprobe. Try:

modprobe ip_conntrack

and see what happens. Also try loading a couple of the other modules (like ip_tables and iptable_nat) and see if they load.
0
All Courses

From novice to tech pro — start learning today.