A Linux Firewall for Debian, SuSE, and other Linux Distributions - Tested on Debian and SuSE Linux.picoFirewall protects your personal PC reliably and without configuration.picoFirewall protects your server reliably and with little configuration.
picoFIREWALL is a small (as the prefix 'pico' implies) firewall based on netfilter (the part in the Linux-Kernel) and iptables (the user-interface).
It is setup to be a stateful firewall, meaning that it keeps track of its connections and thereby distinguishes packets associated with an established connection from packets, which are not associated with a connection from your PC.
picoFIREWALL was especially designed to serve three purposes: Protect the machine very well, easy or no configuration, and find a good balance of logging packets and keep the log file small. A useful feature is rule-based logging: the entries in the log-file allow to find the corresponding rule in picofirewall.conf, which caused the entry. These rule-based comments also appear in the log file analysis program picoFIRESCAN.
The principle followed was a 'drop all packets philosophy', then allow needed packets on a step-by-step basis; this concept seemed more safe to me than the other way round (first allow everything, then make restrictions).
It does a good job and secures machines, which are directly connected to the internet (via ADSL, TV-cable, modem, or otherwise). If you have more than one ethernet interfaces, the one pointing to the internet will be protected; the other interfaces will be allowed full in- and outbound traffic.
This firewall allows to run VMware on this machine if you are running it in the NAT mode and want to connect to your host system.
Picofirewall is intended to protect your machine against unauthorized packets arriving from the internet. However, in addition you should also make sure, that you do not have any services running on your Linux system, which are not really necessary. If you have such services running, you should only allow to use them by those you trust.
Add the following line in your /etc/apt/sources.list
deb http://debian.seismo.ethz.ch sarge ethz_sed
Installing picoFIREWALL in Debian
You need to enter the above source list in your /etc/apt/sources.list file and then you need to run the following commands
You should first stop any existing firewall you have already running
#apt-get install picofirewall
That's it this will install the picofirewall in debian
documentation is available in /usr/share/doc/picofirewall
picoFIREWALL Configuration in debian
Typically, picoFirewall needs no configuration.Default configuration file located at/etc/picofirewall/picofirewall.conf. You should run a web-, dns-, dhcp-, or mail-server, modify the file /etc/picofirewall/picofirewall.conf.
Note:- Attention Debian users
In early 2004 it was experienced, that the kernel did not properly log the firewall results; this problem has obviously been solved now.Should you experience this behaviour, proceeed as follows
Modify the file /etc/init.d/klogd
Instead of KLOGD="" it should read: KLOGD="-c 1"
This is necessary in order to have the firewall logging
Then enter: # /etc/init.d/klogd restart
If you want to know more about configuration click here
Starting and stopping picofirewall
In order to have a nice view of the entries in the log file, I recommend to also install picoFIRESCAN. picoFIRESCAN analyses the entries in the logfile of picoFIREWALL and creates HTML pages in order to get a quick overview of what happened to incoming and outgoing packets.
If you want to install picoFIRESCAN follow the instruction available here