Debian: Which firewall?


Solution 1

At first, a firewall should be the last step to secure a server. Remove all software and services which are not needed, update your system with the latest available security patches and review your config files.

Why do you want to avoid iptables?

"Because I'm a newbie" is no real excuse. A "one click everything secure" firewall doesn't exist, and if a software product uses such a slogan, it's likely to be just snake-oil software.

If you are not experienced in networking basics you will have to learn this for configuring a working firewall. :-)

If you don't want to create the iptable rules yourself, you have two options:

  • customize existing scripts found on the net
  • use a GUI tool to create the rules yourself

iptables is your interface to the networking layer of the kernel. Nearly every solution for Linux will depend on it.

Here are some commented example scripts/tutorials. You will easily find more with a Google search.

Here is a list of GUI tools you can use to create your iptable rules:

A great book about Linux servers and security is "Building Secure Servers with Linux" from O'Reilly.

Don't get discouraged and sorry for the "hard" words, but a server on the internet is not a toy and you will have some responsibility for this.

Solution 2

You might consider trying ufw. While it was created for Ubuntu Server, I believe that it is also available in Debian. (UPDATE: Unfortunately, it looks like it is only available for squeeze and sid according to packages.debian.org, but it might still be worth looking at.) While I would say that you eventually want to move to writing your own iptable rules, I initially found ufw very easy to use and very easy to transition from. Here are some highlights:

  • Convenient Syntax: ufw allow 22 or ufw allow ssh is all that is required to allow inbound ssh traffic if your default policy is DENY.

  • Easy Logging: ufw logging on will turn on fairly reasonable logging. The nice thing about the logging is that by default it drops particularly noisy services (port 137 anyone?).

  • Ability to implement complicated policies: On my home machine I use ufw and am currently running a fairly complicated policy.

  • Ability to add your own iptable rules. Pretty much any policy can still be implemented with ufw even if the default interface doesn't provide a mechanism because you can always add your own rules.

  • Great Documentation: man ufw is often all you need to solve some problem or answer some question--which is great if you are setting up your firewall when offline.

This is not a "click one button and you will be secure" firewall. At the end of the day what it really does is provide an easy to use rule-creation syntax, some abstraction around iptables-save and iptables-restore and brings some default rules and practice that a newbie might not know about.

Author: fego

Updated on September 17, 2022

Comments

  • fego
    fego almost 2 years

    I have to install a firewall on my server (so without X Server). It's a debian lenny. If it is possible, I want to avoid the use of iptables. Is there an easier way to install/configure a firewall?

  • fego
    fego over 13 years
    Thanks for your answer. I bought a book about the administration of Linux, and I will study iptable, but before I will look at easy chains or ufw.
  • fego
    fego over 13 years
    It seems to be very interesting! Thanks
  • Barthelemy
    Barthelemy over 13 years
    +1 ufw is very easy to use and it is easy to transition to iptables after that because the abstraction level is just right (not too high like point-and-click, and not too low because of the nice defaults).