Debian Firewalls


JonTrainer
2003-10-11, 10:54 AM
I'm attempting to set up my first manually configured Debian Linux firewall. I seem to be finding conflicting information on the correct / preferred method.

I am planning on using the iptables mechanism that is installed by default.

I began by following the "Securing Debian Manual" linked to from the debian.org/doc/manuals. This seems to be a decent document, but out of date sometimes. In the section "5.14.3.1 Doing it the Debian way" it tells you to run "dpkg-reconfigure -plow iptables" to set iptables to run upon boot/startup. When I run this the package gives me an option of running it, but states this is optional and NOT recommended.

In O'Reilly's Linux Security Cookbook they state to get a firewall up and running during boot to use the following command:
"chkconfig iptables on"
But chkconfig does not exist on the system. Obviously, I can install it, but it seems that this is not the right approach.

I tried using webmin as well, but the linux firewall admin tool seems to be too general.

Any suggestions on where to look for the most up to date info on doing this?

Thanks.

altp
2003-10-11, 11:35 AM
Linux Docs: network security (http://en.tldp.org/HOWTO/HOWTO-INDEX/networking.html#NETSECURITY)

tldp to the rescue, yet again.

knightfoo
2003-10-11, 12:14 PM
The Debian init script for iptables is pretty much a placeholder for the sake of conformity. I rarely use any distribution's startup or firewall scripts for iptables. You are probably better off writing your own shell script with the iptables commands you need in it, then adding it to your startup procedure.

-knightfoo
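
The approach suggested in the post above (your own shell script holding the iptables rules, hooked into startup), as an added example that is not part of the original thread. It assumes an IPv4-only host whose single inbound service is SSH on tcp/22; the function names and the port are illustrative choices. The ruleset is emitted in `iptables-restore` format so it loads in one atomic step, with no window where the policy is DROP but the allow rules are not yet in place.

```shell
#!/bin/sh
# Added example: minimal default-deny host firewall (not from the thread).
# Assumptions: IPv4 only; inbound SSH on tcp/22 is the only exposed service.

SSH_PORT=22   # assumed service port; change to match the host

# Print the ruleset in iptables-restore format.
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Print an empty, accept-all filter table (used by "stop").
flush_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# init-style dispatch; with no argument the script does nothing.
case "${1:-}" in
    start|restart) build_rules | iptables-restore ;;        # replaces the filter table
    stop)          flush_rules | iptables-restore ;;
    check)         build_rules | iptables-restore --test ;; # parse only, do not commit
    print)         build_rules ;;
esac
```

To run it at boot, install it under a name of your choosing (for example `/etc/init.d/firewall`, a hypothetical name) and register it with `update-rc.d`, or call it from a script in `/etc/network/if-pre-up.d/` so the rules are loaded before any interface comes up. Run `check` as root after every edit, since a rule that fails to parse at boot leaves the host with whatever rules were there before, which on a fresh boot means none.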

JonTrainer
2003-10-14, 08:28 AM
Originally posted by altp
Linux Docs: network security (http://en.tldp.org/HOWTO/HOWTO-INDEX/networking.html#NETSECURITY)

tldp to the rescue, yet again.

Yep, I've scoured the site. My problem isn't the iptables rules, but what are the suggested methods for startup settings specific to Debian. I've found several documents, but they seem to be outdated (they discuss ipchains) or contradictory to each other.

Just looking for people's suggestions/opinions.

JonTrainer
2003-10-14, 08:30 AM
Originally posted by knightfoo
The Debian init script for iptables is pretty much a placeholder for the sake of conformity. I rarely use any distribution's startup or firewall scripts for iptables. You are probably better off writing your own shell script with the iptables commands you need in it, then adding it to your startup procedure.

-knightfoo

Thanks knightfoo... this is pretty much what I've settled on.

If anyone else has a better idea (or just a different one), I'd love to hear it.