Tuesday, February 28, 2006
In the preferences ("Edit -> Preferences") the first thing I ensure is that "Enable tray icon" and "Minimize to tray on window close" are enabled. Another thing to change would be to enable "Apply policy changes immediately" in the "Policy" section. For the more paranoid cases, enabling "ICMP Filtering" would be the way to go, but be careful what you enable, as some network tools might not work as expected if you do enable it.
"ToS Filtering" would require an entire posting of its own, but for a quick run through, I enabled ToS filtering, chose "Workstation" and optimized the traffic for "Throughput".
Finally, in the "Advanced Options", keeping "Preferred packet rejection method" set to "Drop silently" is good. I personally prefer this option because sometimes it's harder for another person to know if there is even a machine there if they scanned you. Not that they can't find out using, it's just that it makes it slightly harder. Anything that gives you even the slightest edge helps, right ;). Blocking broadcast traffic is a good idea to prevent you from getting DoS-ed. It also helps in reducing excessive traffic and prevents the degradation of network performance.
As a final note, I also enable "Block traffic from reserved addresses on public interfaces". If you're connected directly to the internet using a public IP, it would be ridiculous to get a connection from a LAN IP, right? You obviously don't want these spoofed addresses eating up your bandwidth. However, this is not just restricted to LAN IPs connecting to a public IP; it also works for multicast traffic or any range which is deemed restricted. Save your preferences and you're back to where you started earlier.
Now that you have a pretty safe machine, you will want to allow certain connections to come INTO your system, such as SSH, Torrent, NetBIOS. Click the "Policy" tab and, in the "Inbound traffic policy", add any ports and/or IPs that can connect to you in the "Allow service" section. Once you've added a rule it will immediately become active and you can connect to the service. For a workstation this will be more than sufficient. For controlling outbound traffic, change the "Inbound traffic policy" to "Outbound traffic policy" and you will see the choice between allowing all traffic by default and being restrictive by default. For those who intend to run it as a server or are just plain paranoid, change the default "Permissive" to "Restrictive" and restrict what kind of connections you wish to allow from your system. But do be careful with this, as you may deny connections from other system apps that need to connect out.
You can monitor all blocked connections in the "Events" tab. This is a good place to check in case you set your rules too strict or just want to know what kind of traffic you are being hit with.
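The reserved-address check and the "Events" review described above, as an added example that is not part of the original post and not Firestarter's own code: it scans netfilter LOG-style lines for packets that arrived on the public interface with a private, multicast or otherwise reserved source. The log lines, the interface name eth0 and the list of ranges are constructed assumptions.

```python
import ipaddress
import re

# Source ranges that should never show up on the internet-facing side.
# The list is an assumption made for this example, not Firestarter's own.
RESERVED = {
    "private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "loopback": ["127.0.0.0/8"],
    "link-local": ["169.254.0.0/16"],
    "multicast": ["224.0.0.0/4"],
    "reserved": ["0.0.0.0/8", "240.0.0.0/4"],
}
NETS = [(label, ipaddress.ip_network(cidr))
        for label, cidrs in RESERVED.items() for cidr in cidrs]

FIELD = re.compile(r"\b(IN|SRC|DST|PROTO|DPT)=(\S*)")  # key=value log fields

def classify(src):
    """Return the reserved-range label for src, or None if it is routable."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "malformed"
    for label, net in NETS:
        if addr in net:
            return label
    return None

def spoof_candidates(lines, public_if="eth0"):
    """Return (src, label, dpt) for packets on public_if with a reserved source."""
    hits = []
    for line in lines:
        f = dict(FIELD.findall(line))
        if f.get("IN") != public_if or "SRC" not in f:
            continue  # traffic on the LAN side may legitimately use private IPs
        label = classify(f["SRC"])
        if label:
            hits.append((f["SRC"], label, f.get("DPT", "-")))
    return hits

# Constructed sample lines in netfilter LOG style (not real traffic).
SAMPLE = [
    "Feb 28 10:15:01 box kernel: IN=eth0 OUT= SRC=192.168.1.50 DST=198.51.100.7 PROTO=TCP SPT=4321 DPT=22",
    "Feb 28 10:15:04 box kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=5555 DPT=445",
    "Feb 28 10:15:09 box kernel: IN=eth1 OUT= SRC=192.168.0.12 DST=192.168.0.1 PROTO=UDP SPT=68 DPT=67",
    "Feb 28 10:15:12 box kernel: IN=eth0 OUT= SRC=224.0.0.251 DST=224.0.0.251 PROTO=UDP SPT=5353 DPT=5353",
]
if __name__ == "__main__":
    print(spoof_candidates(SAMPLE))
```

The eth1 line is skipped on purpose: a private source on the internal interface is normal, which is why the option applies to public interfaces only.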
Well I finally have my first tutorial on something up. Hope to put something else up soon;)
- apt-get install firestarter -y
There is already a good tutorial available from the Firestarter homepage which is accessible through this link, but I will run through the 3 step process here as well.
- Click "Forward" on the first page. This is merely stating that you're ready to begin the setup.
- In "Network Device Setup", select the interface on which you want the filtering to take place. For Linux, the first interface is usually called eth0, the second interface eth1 and so forth. For those using your Linux machine to dial out for DialUp or ADSL, select the "Start firewall on dial-out" option. For those who obtain their IP automatically from a DHCP server, do remember to check the "IP address assigned via DHCP" option box. Click "Forward" when you're done.
- In "Network Device Setup", this is the section that allows your computer to act as a gateway for multiple PCs in your network. Enable it if you wish to share your connection with others. This is also a good tool to be used on gateway servers as it simplifies configuration, but I wouldn't recommend running a full fledged GUI on a server. You would need a minimum of two interfaces for this to work: one for the internal network (where all your clients are) and another which is connected to the internet. In the interface selection, select the interface connected to the internal network. If you wish to assign addresses to the clients in your personalized LAN, click the "Enable DHCP for local network" and enter the settings as you require.
- And you're now set to run your newly configured firewall. Just click "save" and you're good to go.
Monday, February 27, 2006
/etc/apt/sources.list is the file that stores the location of repositories to download the .deb files from.
Here are some command line options that I regularly use:
- apt-get install [package_name]
- downloads and installs [package_name]
- apt-get remove [package_name]
- removes [package_name]. I usually use dpkg --purge to completely delete everything, including its configuration files as well.
- apt-get update
- downloads the new package information from the repositories
- apt-get upgrade -y
- run after the above command, it will download and update any packages that are outdated. The -y option answers 'yes' to all questions regarding upgrades. It's especially useful when running it from a crontab.
- apt-get dist-upgrade -y
- this is the best way to upgrade your existing version to the latest version. Just run this command and, after a few hours and a mere reboot, you will have your new distro ready for use. Usually most of your previous applications will work just fine, but at times you will need to remove and reinstall an application for it to function, though it's very rare.
- apt-cache search [package_name]
- the best way to search for packages instead of searching via packages.ubuntu.com. Useful if you don't know the entire name of the package.
- dpkg -L
- list all the files installed by
- edited my /etc/apt/sources.list
- changed all references of "breezy" to "dapper"
- "apt-get update"
- "apt-get dist-upgrade -y"
The first thing I did was to log in to GNOME just to see what changes have been made. Granted, I already had a previous configuration setting for GNOME anyway, so I might be missing out on some default settings/layout. Graphically it's the same as the previous version, but what caught my eye immediately was that the GNOME panel is now slightly smaller (I've been trying to figure out how to change the size but never managed it. Probably have to edit it using gconf but I was too lazy after switching to XFCE4) and they have applets that warn you about your impending hard disk capacity exhaustion. Also it now comes with gnome-screensaver, which offers a whole slew of REALLY cool looking screensavers and an OS-X-like password prompt.
After that I decided to switch back to fluxbox, which somehow seems much faster. However, all my fonts are like super humongous at the moment, but I'll let it stick for now. It's kinda nice not to have to squint your eyes trying to read all the config files. I've had it running for more than 18 hours now and it seems just fine and dandy. I just hope it stays that way though.
Some of the other changes include Firefox 1.5 and Thunderbird 1.5, which come by default with Dapper. Previously I had to download Firefox manually and do some reconfiguring (which ain't hard anyway), but now that I have it by default it makes me even happier. Also I get to retain the extensions that I have already been using ;).
Will post more as I come across newer features/changes ;) Time for lunch :D
Sunday, February 26, 2006
Linux. Ahhh... my favorite OS. Aside from OS-X, that is. Not that I haven't tried out any *bsd systems, it's just that Linux just works better for me (and easier too, though I know of 1 or 2 people who would disagree with me). Anyways, I've tried out quite a few distros, i.e. RedHat, Slackware (my FAVORITE distro EVER), Fedora Core, CentOS and of course, Ubuntu. Now Ubuntu is TRULY a distro suited for the masses IMHO. It has such a simplistic and intuitive installer. If memory serves me right, you just need to answer 6 questions to get a fully functional system.
I've been using Ubuntu 5.0.4, more commonly known as Hoary Hedgehog (they seem to like to name their releases using animal names). The default desktop is GNOME (there are versions for other desktops or window managers, i.e. Kubuntu using the KDE desktop). Ubuntu uses Debian as a base, so for all of you who have used Debian before this would be a breeze. Regardless of the system you choose, you can opt to install any of the desktops using apt-get. Ubuntu itself can be obtained from ubuntu.com.
In Breezy Badger (5.1.10) they also offered another desktop option, which incidentally does not have its own release CD, called xubuntu, which uses XFCE4 as the desktop environment. I've had a liking for this as it was small and simple, so the moment I knew it was available I decided to download it. Obtaining it was rather simple. All I had to do was type "apt-get install xubuntu-desktop" and watch apt-get perform its miracle by downloading, installing and setting up the new desktop for me, and I've been using it ever since. Quite recently I stumbled upon another ubuntu version called nubuntu.org, which uses the fluxbox window manager, for those looking for a more simplistic and HIGHLY configurable wm. I decided to give fluxbox a try since I've been hearing so many good things about it. I'll post my guide to configuring fluxbox later. Once I can find where I stuffed that tutorial of mine in the 1st place :P.
The real reason I created this blog was to put up any tutorial I did whilst doing configuration for my machine. Since I have a nasty habit of writing up some minimalistic guide so that I can remember it for future use AND losing it, putting it up online seems to be the sanest thing to do. I got this idea from a friend of mine who puts up lots of food tutorials and guides for *BSD (or *NIX) in general. Thx geek ;)
The name "afriel" was stumbled upon when I was busy searching for some RPG stuff. Turns out the name I chose is an angel's name and it supposedly means
Afriel is known as the Angel of Youth and encourages exploration of all things new and inspires us with Hope.
Either way the name sounds cool, so I decided to use this as the name for this blog. And besides, an angel that encourages us to do new things is my kinda guy. Or gal, whichever suits it. :D