Tag Archives: firewall

Firewall Tutorials – how to set up everyone’s favorite excuse for things not working!

We’ve all been there: something is broken and you’ve gone through everything you can think of, checked all the configs, installed and reinstalled, googled and binged, and it just won’t work… and then it dawns on you… maybe it’s the firewall? Well of course it is, it (almost) always is! So in the (probably futile) hope of heading off future firewall blaming, here’s a collection of handy firewall tutorial guides for various platforms…

Linux/Unix Firewalls

IPTables

On pretty much every Linux box these days you will find iptables installed by default, but it’s not exactly user friendly when it comes to configuring. It is certainly worth learning the basics, however, before heading for the easy(ish) front-ends mentioned further down this page. So here are some general iptables guides for you to wrap your brain around:

From the CentOS wiki we have this very useful getting started guide.

If Ubuntu is more to your liking, they too have an excellent ‘how to’ guide for iptables.

If you still need more then you can find a load of useful iptables examples on nixCraft.

Besides the vanilla iptables there are a number of scripts/addons out there which provide a simpler interface and/or extend the functionality or at the very least simplify the creation of much more advanced iptables configurations.

CSF – A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.

CSF is popular with cPanel servers (and other web based server management panels) but certainly doesn’t require one and it does quite a lot of useful stuff besides just creating iptables rules.

How To Install and Configure Config Server Firewall (CSF) on Ubuntu

Basic CentOS / RedHat 6 Server Hardening / csf install / epel install

Firestarter – a graphical interface for quickly configuring firewall rules and settings. No longer in active development but still a fully functional graphical interface to make your iptables life easier.

Firestarter from the Ubuntu wiki.

A Quick Tutorial from the official site.

UFW – Uncomplicated Firewall is the default firewall configuration tool for Ubuntu which is designed to make working with iptables simpler, even on the command line. For those who prefer a graphical interface there is also Gufw.

UFW Guide

How to Install and Configure UFW – An Un-complicated FireWall in Debian/Ubuntu

Shorewall – a gateway/firewall configuration tool for GNU/Linux.

Configure Firewall Using Shorewall Under RHEL / CentOS

How to Shorewall on Debian

pfSense – an open source firewall/router computer software distribution based on FreeBSD. pfSense is generally installed on a full computer to make a dedicated firewall device. It comes with a web interface and all the features you’d expect from a firewall device.

Getting Started

Building a pfSense Firewall

pfSense on Reddit – yes it even has its very own subreddit.

Windows Firewalls

Windows Firewall from start to finish

How to Install Comodo Firewall

Getting started survival guide for Comodo Free Internet Security Premium Version

The Complete Guide To Set Up and Use ZoneAlarm Firewall On Your PC

Hopefully you will find the above guides useful and no longer have to blame the firewall when things go wrong. (Blame SELinux instead 😉)

Firewall Management Tools

Whether you are a provider of general IT services, an MSP, or a specialist in managed security services, also known as an MSSP (which sounds cool but unfortunately doesn’t mean you are managing MI6 like M in a Bond movie), one of the major components of the security system you manage for your clients is going to be firewalls of one kind or another.

To quote Wikipedia, a firewall is a:

“software or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on applied rule set.”

Which means when you are managing a firewall you could be doing anything from fiddling with arcane configuration settings in a text file or command line, to clicking some big shiny buttons on a fancy interface with a smart wizard to make it all automagically work for you. These firewalls can be installed on a server or desktop PC, or can be dedicated appliances protecting your network in the office or datacenter.

Those typically installed on a desktop computer include apps like ZoneAlarm, Avast and AVG, while on a server running Linux, for example, you would likely be dealing with iptables, which is a whole lot of fun! Fortunately there are some wrappers for iptables which aim to make it just a tiny bit less complex, for example CSF, which is popular on cPanel servers (but doesn’t require it), and UFW, which is widely used on Ubuntu and others of that ilk.

On the hardware side there are of course the big names you’d expect in this space, such as Cisco, as well as Check Point, which does a nice line in firewalls for small to medium sized businesses, and FortiGate, which also has a nice range from the entry level 100 series on up to the big and expensive enterprise systems. I’m quite partial to the FortiGate solution and use it with a number of clients where suitable, for example in the datacenter protecting their servers or in their office protecting the corporate network. It’s easy to remotely manage with a web based interface as well as command line (ssh) and a VPN.

These days, as with other aspects of computing, “The Cloud” has moved into the firewall arena as well, in the form of cloud-based security services such as those provided by Check Point and others. For a monthly fee your network security is handled for you, or of course for your clients if security is not your area of expertise. If it is your area, then the many MSSP tools around these days will be right up your alley.

With the prevalence of ever more advanced (while also easier to use) security scanning tools, it is something of an arms race in the computer security world, so you have to stay up to date with the latest happenings in order to fully protect your own systems, and those you manage for your customers, from malicious hackers and script kiddies, not to mention a widening array of three letter agencies as well!