- Linux news and help for home broadband internet users
 Home | Files | Case Mods | Reviews | Forum | Search | Links | RDF Feed | Contact

Installation Guide
Setting Up
Internet Sharing
Port Forwarding
Services Config
Installing Programs
Game Servers
Using IPTables
Useful Commands
Kernel Upgrading
System Recovery
Red Hat 7.2 Setup
OpenBSD Setup
BPA Login Setup
PPPoE Setup
Add New Hardware
VMware ESX Cmds
Our RC5 Team
Help Support Us

Linux Security
NetStats FAQ
Linux KIS Trojan
CAT5/LAN Cables
Domain Names
Presario RH Install APC Debian DVD
  • Privacy Complaint Targets Google Over Unsolicited Ad Emails
  • Psychedelics Help People With Alcoholism Drink Less
  • Japan Signals Return To Nuclear Power To Stabilize Energy Supply
  • Korea Shatters Its Own Record for World's Lowest Fertility Rate
  • New Aluminum-Sulfur Battery Tech Offers Full Charging In Under a Minute
  • New York State Bill Would Require Speed Limiting Tech In New Cars
  • Notorious DRM Company Takes Aim At Switch Piracy
  • Hackers Are Breaking Into and Emptying Cash App Accounts
  • New Film 'BlackBerry' To Explore Rise and Fall of Canadian Smartphone
  • Chattanooga, Tennessee offers America's First Community-Wide 25 Gig Internet Service
  • California To Ban the Sale of New Gasoline Cars
  • Experts Warn of Widespread Exploitation Involving Hikvision Cameras
  • Google Pixel Sees Huge Sales Growth, Has 2% of North American Market
  • Bay Area Startup Wants To Make Call Center Workers Sound 'White and American'
  • Biden is Canceling Up To $10K in Student Loans, $20K For Pell Grant Recipients

      Securing You Machine

      Due to a few requests we have compiled this page to help you better secure your Linux box from those devious 'hackers' and general 'attackers' that may pray upon you. Since this site deals with setting up Linux for broadband Internet there is always the risk of people trying to gain access to your machine since it is on 24/7, this guide is meant to be a starting point for making your server more secure and in the attempt to prevent the above mention people from causing problems for you.

      Security Guide cont'd.


    Protecting Your Ports
    This is a one of the best ways of securing your machine, if you prevent certain ports from being accessible from people outside your private network (LAN) then there is less chance that they will be able to gain access or cause problems (i.e. via flooding or DoS attacks etc.). To prevent ports from being visible to the outside world you will need to modify your firewall or even better yet you can download an secure firewall script and then modify it to allow the things you want to allow.

    In the previous Setup and Sharing section of this site we described a very simple method of firewalling, this was just using the default action of DENY, although this is good, its not the best, you can do better.

    There are many comprehensive firewall scripts available on the net that can be freely downloaded, we will only talk about a couple here:


    "rcf (aka rc.firewall) is an ipchains-based firewall with support for over 50 network services (including vtun, dhcp, nfs, smb, napster, proxies, online games, etc.), masquerading, port forwarding, and ip accounting. All services are self-contained modules which can be prioritized in the ipchains stack. Protections include spoofing, stuffed routing/masqerading, DoS, smurf attacks, outgoing port scans, and many more. rcf also supports unlimited public, private (masqu'ed), dmz, and mz (non-masq'ed) interface and their subnets. Access rules are defined per interface and dmz/mz server "clusters". rcf is compatible with Red Hat, Slackware, Debian, Linux Router Project (LRP), and many other distros. rcf is distributed under the General Public License (GPL) terms."

    As with most Linux things rc.firewall comes in both a tarball version (rcf-5.1.tar.gz) and a rpm version (rcf-5.1-1.noarch.rpm) for those of you with Red Hat and any distro that supports RPM technology.

    Below is the instructions for installing the tarball version, to install the rpm just type rpm-ivh rcf-5.1-1.noarch.rpm and then you can configure it as below.

    1. Untar the package by typing tar xzvf rcf-5.1.tar.gz.
    2. Next, cd into the directory it creates, e.g. cd rcf-5.1/.
    3. Read the INSTALL file provided. i.e. cat INSTALL | more.
    4. Run sh and follow the prompts, or follow the manual instructions from the INSTALL file.
    5. Edit the appropriate files and start the script. (please read the rc.firewall site mentioned above for details)


    "PMFirewall is an Ipchains Firewall and Masquerading Configuration Utility for Linux. It was designed to allow a beginner to build a custom firewall with little or no ipchains experience."

    This firewall only comes in a tarball version (pmfirewall-1.1.4.tar.gz) and should support just about any version of Linux according to their site.

    1. Untar the package by typing tar xzvf pmfirewall-1.1.4.tar.gz.
    2. Next, cd into the directory it creates, e.g. cd pmfirewall-1.1.4/.
    3. Read the README and INSTALL files provided. i.e. cat README | more, cat INSTALL | more.
    4. Run sh and follow the prompts.
    5. Add you own rules to pmfirewall.rules.local.
    6. Start pmfirewall using the path given by the install script.
    7. Read the man page.
    8. If you wish to see the rules, type: ipchains -L -n
    9. If you have a problem then read the supplied man page. Otherwise e-mail the creator Rick Johnson.

    Firestarter Firewall

    For those of you who want a GUI based firewall then this is definately your choice, its easy to install and can be setup by following the simple steps in the GUI.

    "It features an easy to use firewall wizard to quickly create a firewall. Using the program you can then open and close ports with a few clicks, or stealth your machine giving access only to a select few. The real-time hit monitor shows attackers probing your machine. Firestarter is made for the GNOME desktop."

    You can download the program in either a RPM (firestarter-0.7.1-1.i386.rpm) version or a tarball (firestarter-0.7.1.tar.gz), just use the usual methods to extract them. Firestarte requires GNOME 1.2 or later and IPChains for 2.2.x machines and Netfilter for 2.4.x ones.

    Below is just a quick screenshot of Firestarter in action:

    Stick's Firewall

    This custom firewall by Dave Fitches comes in both a IPchains and IPtables (for 2.4.x kernels) version, these are definitely worth a visit if you want to write your own or just get a nice simple to understand and powerful firewall script.

    In order to use these scripts all you must do is go to the above mentioned pages and copy the test and paste it into a document on your Linux machine, e.g. for the IPchains version just copy the text and open pico filewall.ipchains and past the script into that. You will then need to chmod +x firewall.ipchains, now you can run it, or modify it as you need. Please visit his site for detailed information and setup instructions.

    Final notes and conclusion... CONTINUE

    Proudly Hosted By:
    Hosted by PEBKAC Consulting

    Please read our Legal Notice for information concerning our site and its content.
    All logos and trademarks in this site are property of their respective owner. All the rest © 2000 - 2016 by


    D-Link DI-704P
    VIA EPIA-M 9000
    Tux Applique
    Ricoh MP5125A
    AMD XP 2600+
    3DProphet 9000Pro
    Radeon 9700 Pro
    XTNDAccess IrDA
    Netgear FS-524s
    DSR2161 KVM
    Game TheaterXP & XPS-510 Speakers
    3D Prophet 4000XT
    AutoView 400
    Back-UPS CS 350
    Dual Neon Kit
    SwitchView KVM
    20x4 LCD Kit
    Window Kit

    XML error: Attribute without value at line 2.
    Google Search
    Enter Keywords:

    Bash Jokes

    % sleep with me

    bad character

    Virtualization, Virtual Machine & Virtual Server Consolidation - VMware

    The Community ENTerprise Operating System

    Get Slackware Linux


    Use Asterisk