Stateful Firewall for floppyfw
I am always amazed how people can hack together a Linux
2.4.XX-kernel to run from a floppy disk. And on top of it, there is a basic
shell, network support (plug-and-play, Mr. Windoze!) for the most widespread
NICs.
A router/gateway plus stateful firewall/packet filter running on a 486 without harddisk. Terrific!
http://www.zelow.no/floppyfw/index.html
is the place where you can pick up the image-file - for a single floppy!
I did just that, had it up and running after 30 minutes. It comes with an easily configurable setup ("config") and a very basic "firewall.ini" which provides a nice, but basic masquerading and firewalling (including closing the NetBIOS-ports).
I wanted more of filtering and found a good tutorial and even better examples at
http://iptables-tutorial.haringstad.com
Those examples are of the general type for the average Linux-distribution. Therefore I downloaded the example applicable to our situation (DHCP for my outside connection and I trust myself - though at times I better not!) to change it in order to work with the parameter-set as configured in floppyfw's "config", load the kernel modules required for the filter, set the correct paths and a few minor things. The result
http://metalab.uniten.edu.my/~uwe/resources/HOWTOs/firewall.ini
should work right out of the box for a functional floppyfw. (Just copy it into the root of your floppyfw-diskette and reboot.)
There should be no changes required in the setup.
Eventually you might want to alter some rules according to your setup; open or close some ports, etc.
Of course, I won't be responsible if your network is broken in, your floppyfw starts screaming or delivers ice-cream.
My appreciation goes to all the hackers behind floppyfw and Oskar Andreasson for his packet filters.
A router/gateway plus stateful firewall/packet filter running on a 486 without harddisk. Terrific!
http://www.zelow.no/floppyfw/index.html
is the place where you can pick up the image-file - for a single floppy!
I did just that, had it up and running after 30 minutes. It comes with an easily configurable setup ("config") and a very basic "firewall.ini" which provides a nice, but basic masquerading and firewalling (including closing the NetBIOS-ports).
I wanted more of filtering and found a good tutorial and even better examples at
http://iptables-tutorial.haringstad.com
Those examples are of the general type for the average Linux-distribution. Therefore I downloaded the example applicable to our situation (DHCP for my outside connection and I trust myself - though at times I better not!) to change it in order to work with the parameter-set as configured in floppyfw's "config", load the kernel modules required for the filter, set the correct paths and a few minor things. The result
http://metalab.uniten.edu.my/~uwe/resources/HOWTOs/firewall.ini
should work right out of the box for a functional floppyfw. (Just copy it into the root of your floppyfw-diskette and reboot.)
There should be no changes required in the setup.
Eventually you might want to alter some rules according to your setup; open or close some ports, etc.
Of course, I won't be responsible if your network is broken in, your floppyfw starts screaming or delivers ice-cream.
My appreciation goes to all the hackers behind floppyfw and Oskar Andreasson for his packet filters.
