RESEARCHUT -- Minds With Innovations

This site has been archived. The new interface is: HERE

NetworkManager Firewall

Wednesday 30 May 2007 at 5:09 pm

Currently, NetworkManager has no simple framework for firewall support.

Here's one way to provide a simple, minimal firewall setup for a box controlled by NM.

Create the following files:

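rrs@learner:~$ cat /etc/network/if-up.d/firewall
#!/bin/bash

# Drop new and invalid inbound connections on the interface that just came up.
# $IFACE is quoted so the test does not break when the variable is empty.
if [ "$IFACE" == "lo" ]; then
    :   # leave loopback unfiltered
else
    /sbin/iptables -A INPUT -i "$IFACE" -m state --state NEW,INVALID -j DROP
fi
rrs@learner:~$ cat /etc/network/if-down.d/firewall
#!/bin/bash

# Remove the rule again when the interface goes down.
if [ "$IFACE" == "lo" ]; then
    :   # no rule was added for loopback
else
    /sbin/iptables -D INPUT -i "$IFACE" -m state --state NEW,INVALID -j DROP
fi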

With these scripts in place you'll have a basic firewall where connection requests initiated from outside are dropped. NM will make sure the scripts are executed for each active interface.

I've also filed a wishlist suggesting that the packagers add something like this to the Debian package.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426683
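
The scripts above append the rule on every up event and delete a single copy on down, so repeated up events can leave duplicate rules behind. The following is an added example, not code from the original post: one hook that can be installed in both if-up.d and if-down.d, checks for the rule with `iptables -C` before appending, and deletes every copy on down. It relies on the `MODE` and `IFACE` variables that ifupdown passes to hook scripts; the `fw_hook` name and the overridable `IPTABLES` variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: idempotent variant of the post's firewall hooks.
# IPTABLES can be overridden (assumption, useful for dry runs and tests).
IPTABLES="${IPTABLES:-/sbin/iptables}"

# fw_hook MODE IFACE
#   MODE  "start" (interface coming up) or "stop" (interface going down)
#   IFACE interface name as passed by ifupdown
fw_hook() {
    mode=$1
    iface=$2

    # Skip loopback, and do nothing if no interface name was supplied.
    case "$iface" in
        ''|lo) return 0 ;;
    esac

    # Same rule as in the post, kept in "$@" so -C, -A and -D match exactly.
    set -- INPUT -i "$iface" -m state --state NEW,INVALID -j DROP

    case "$mode" in
        start)
            # -C succeeds only if this exact rule is already in the chain.
            "$IPTABLES" -C "$@" 2>/dev/null || "$IPTABLES" -A "$@"
            ;;
        stop)
            # Delete every copy so older duplicates are cleaned up as well.
            while "$IPTABLES" -C "$@" 2>/dev/null; do
                "$IPTABLES" -D "$@" || return 1
            done
            ;;
        *)
            return 2    # unknown mode
            ;;
    esac
}

# When called by ifupdown, IFACE and MODE are set in the environment.
if [ -n "${IFACE:-}" ]; then
    fw_hook "${MODE:-}" "$IFACE"
fi
```

Running `iptables -S INPUT` after bringing an interface up and down a few times shows whether exactly one rule per active interface remains.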

NetworkManager Debian Network Interfaces

Wednesday 30 May 2007 at 2:49 pm

Many of you might be aware of NetworkManager. The big new tool from Red Hat does simplify network configuration on your Linux box.

But there lies a small problem with NetworkManager. It is very picky about what it will touch and what it will not.
