Firewall

From Ollie's Web Site

A 486 PC running a heavily stripped early version of Red Hat Linux has been my firewall since around 1999. Getting a more modern version of Linux onto this computer seemed rather daunting, so I lived with the limitations, which included only running ipchains as a firewall. Nonetheless, the server, sweetums, successfully protected the network for many years.

I decided, however, that it was time (2/4/06) to move on, so I added a NIC to my mail server, kukla, and rejiggered the network options. Since kukla is running an up-to-date copy of Debian 3.1 (stable), it offered iptables and netfilter, as well as shorewall, a high-level firewall configuration package.

It was pretty easy to get the various services running under shorewall, so now I have http, EverQuest, smtp and Samba all operating without a hitch.

Shorewall Configuration

As installed by Debian, shorewall does not start up because /etc/default/shorewall is set to block startup. After configuring it (more below), change "startup=0" to "startup=1".

Single-interface configuration is here. Used this to set up on sulfurous 9/13/06, allowing only port 25 (smtp) and 22 (ssh).
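
A check for the two points above, written as an added example (not the author's configuration or a Shorewall tool): it reports whether the defaults file still blocks startup and lists any inbound ACCEPT rule other than tcp 22 and tcp 25. The function names, the sample files, and the zone names "net" and "$FW"/"fw" are assumptions.

```shell
#!/bin/sh
# Added example, not the author's configuration. Assumes the Internet zone is
# named "net" and the firewall zone is written "$FW" or "fw" in the rules file.

# Report whether the Debian defaults file lets Shorewall start.
startup_state() {    # $1 = copy of /etc/default/shorewall
    if grep -Eq '^startup="?1"?[[:space:]]*$' "$1"; then echo enabled; else echo blocked; fi
}

# Print each inbound ACCEPT (net -> firewall) whose proto/port is not allowed.
unexpected_inbound() {    # $1 = rules file, $2 = allowed "proto/port" list
    awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }                  # comments, blank lines
        {
            split($1, act, ":"); split($2, src, ":"); split($3, dst, ":")
            if (act[1] != "ACCEPT") next
            if (src[1] != "net" && src[1] != "all") next
            if (dst[1] != "$FW" && dst[1] != "fw" && dst[1] != "all") next
            if ($4 == "" || $5 == "") { print "any/any"; next }   # no port limit
            m = split($5, p, ",")
            for (i = 1; i <= m; i++)
                if (!(($4 "/" p[i]) in ok)) print $4 "/" p[i]
        }' "$1"
}

# Constructed sample files standing in for /etc/default/shorewall and
# /etc/shorewall/rules on a single-interface host.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'startup=0\n' > "$demo/default.blocked"
printf 'startup=1\n' > "$demo/default.enabled"
cat > "$demo/rules.good" <<'EOF'
#ACTION  SOURCE  DEST  PROTO  DEST PORT(S)
ACCEPT   net     $FW   tcp    22
ACCEPT   net     $FW   tcp    25
EOF
cat > "$demo/rules.drifted" <<'EOF'
ACCEPT   net     $FW   tcp    22,25,80
ACCEPT   net     $FW   udp    137:139
ACCEPT   $FW     net   tcp    443
EOF

echo "defaults file: $(startup_state "$demo/default.blocked")"
echo "unexpected inbound:" $(unexpected_inbound "$demo/rules.drifted" "tcp/22 tcp/25")
```

Macro-style rules are not expanded by this check, so a rules file that uses them needs those lines reviewed by hand.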