A Linux Firewall for Debian, SuSE, and other Linux Distributions
- Tested on Debian and SuSE Linux.picoFirewall protects your
personal PC reliably and without configuration.picoFirewall
protects your server reliably and with little configuration.
picoFIREWALL is a small (as the prefix 'pico' implies) firewall
based on netfilter (the part in the Linux-Kernel) and iptables
It is setup to be a stateful firewall, meaning that it keeps
track of its connections and thereby distinguishes packets
associated with an established connection from packets, which
are not associated with a connection from your PC.
picoFIREWALL was especially designed to serve three purposes:
Protect the machine very well, easy or no configuration, and
find a good balance of logging packets and keep the log file
small. A useful feature is rule-based logging: the entries in
the log-file allow to find the corresponding rule in
picofirewall.conf, which caused the entry. These rule-based
comments also appear in the log file analysis program
The principle followed was a 'drop all packets philosophy', then
allow needed packets on a step-by-step basis; this concept
seemed more safe to me than the other way round (first allow
everything, then make restrictions).
It does a good job and secures machines, which are directly
connected to the internet (via ADSL, TV-cable, modem, or
otherwise). If you have more than one ethernet interfaces, the
one pointing to the internet will be protected; the other
interfaces will be allowed full in- and outbound traffic.
This firewall allows to run VMware on this machine if you are
running it in the NAT mode and want to connect to your host
Picofirewall is intended to protect your machine against
unauthorized packets arriving from the internet. However, in
addition you should also make sure, that you do not have any
services running on your Linux system, which are not really
necessary. If you have such services running, you should only
allow to use them by those you trust.
Add the following line in your /etc/apt/sources.list
deb http://debian.seismo.ethz.ch sarge ethz_sed
Installing picoFIREWALL in Debian
You need to enter the above source list in your /etc/apt/sources.list
file and then you need to run the following commands
You should first stop any existing firewall you have already
#apt-get install picofirewall
That's it this will install the picofirewall in debian
documentation is available in /usr/share/doc/picofirewall
picoFIREWALL Configuration in debian
Typically, picoFirewall needs no configuration.Default
configuration file located at/etc/picofirewall/picofirewall.conf.
You should run a web-, dns-, dhcp-, or mail-server, modify the
Note:- Attention Debian users
In early 2004 it was experienced, that the kernel did not
properly log the firewall results; this problem has obviously
been solved now.Should you experience this behaviour, proceeed
Modify the file /etc/init.d/klogd
Instead of KLOGD="" it should read: KLOGD="-c 1"
This is necessary in order to have the firewall logging
Then enter: # /etc/init.d/klogd restart
If you want to know more about configuration click
Starting and stopping picofirewall
In order to have a nice view of the entries in the log file, I
recommend to also install picoFIRESCAN. picoFIRESCAN analyses
the entries in the logfile of picoFIREWALL and creates HTML
pages in order to get a quick overview of what happened to
incoming and outgoing packets.
If you want to install picoFIRESCAN follow the instruction