Configure a Firewall with Arno Iptables in Debian 5

Deprecated

This guide has been deprecated and is no longer being maintained.


Firewall software is designed to limit access to network resources running on your Linode to authorized parties. Some services, such as a public web server, may be accessible to anyone. Others might be more restricted, such as an SSH daemon for remote system administration.

This guide will help you get the arno-iptables-firewall package installed and configured under Debian 5 (Lenny). For purposes of this tutorial, we assume the user is logged in as root via SSH, and that the prerequisite steps in the Setting Up and Securing a Compute Instance guide have already been followed.

Installing the Firewall

Make sure your package repositories and installed programs are up to date by issuing the following commands:

apt-get update
apt-get upgrade --show-upgraded

Install the firewall package by issuing the following command in your terminal:

apt-get install arno-iptables-firewall

You will be led through a series of configuration dialogs. In the example below, we’re assuming your Linode has one public IP address on eth0 and one private IP address on the alias eth0:0 (a private IP is not required). Please be sure to refer to the Networking tab in the Linode Cloud Manager for your specific settings.

Configuring the Firewall

As part of the installation process, you’ll be presented with a debconf dialog for configuration. Choose “Yes” to allow your configuration to be interactively managed by debconf:

Debconf dialog for arno-iptables-firewall configuration.

Enter the name of your external network interface. Linodes have eth0 by default.

arno-iptables-firewall external interface definition

Enter a list of TCP ports you’d like to be accessible through your Linode’s public IP address, separated by spaces. In this example we’ve specified SSH, SMTP, HTTP, HTTPS, IMAPS and POP3S. You may wish to open additional ports if you run other public services on your Linode.

arno-iptables-firewall open TCP ports definition

Specify the UDP ports you’d like to be open to the public in the same manner.

arno-iptables-firewall open UDP ports definition

If you have a private IP address assigned to your Linode, you can specify the interface alias for it next. In this example, we’re allowing all traffic from the private network range to the private interface alias eth0:0. You may fine-tune this later to only allow access from specific hosts on the backend network. If you don’t have a private IP address configured, simply leave this field blank.

arno-iptables-firewall private network interfaces definition

If required, specify the address range for the private network (expressed in CIDR notation).

arno-iptables-firewall private network range (CIDR) definition

You will be asked whether the firewall should be started now. Answer “Yes” here and continue.

arno-iptables-firewall firewall start query

After the initial debconf dialog exits, a few packages that arno-iptables-firewall depends upon will be configured. You will be prompted to restart the firewall after the configuration is complete.

arno-iptables-firewall firewall restart query

Your firewall should be functioning correctly at this point. You can reference the file /etc/arno-iptables-firewall/firewall.conf for additional configuration beyond the scope of the debconf dialogs. To start/stop/restart the firewall from the shell, use the command /etc/init.d/arno-iptables-firewall [start|stop|restart].
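
To confirm that the ports opened in the configuration file are exactly the ones you meant to expose, the check below compares the two lists. It is an added example, not part of the original guide or the arno-iptables-firewall package; it assumes the port lists are stored as shell-style OPEN_TCP/OPEN_UDP assignments, and the function names, sample file and the extra port 3306 are constructed for illustration.

```shell
#!/bin/sh
# Audit sketch: compare the ports a firewall.conf-style file opens with
# the ports you intended to expose. Helper names are hypothetical.

# Print the value assigned to variable $2 in file $1. Commented-out lines
# are ignored, the last assignment wins, commas are treated as separators.
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" \
        | tail -n 1 | tr ',' ' '
}

# usage: unexpected_ports CONF VAR PROTO "intended ports"
# Prints proto/port for every port the config opens that is not intended.
unexpected_ports() {
    for port in $(conf_value "$1" "$2"); do
        case " $4 " in
            *" $port "*) ;;              # intended, nothing to report
            *) echo "$3/$port" ;;
        esac
    done
}

# usage: missing_ports CONF VAR PROTO "intended ports"
# Prints proto/port for every intended port the config does not open.
missing_ports() {
    open=" $(conf_value "$1" "$2") "
    for port in $4; do
        case "$open" in
            *" $port "*) ;;
            *) echo "$3/$port" ;;
        esac
    done
}

# Constructed sample standing in for /etc/arno-iptables-firewall/firewall.conf
sample=$(mktemp)
cat > "$sample" <<'EOF'
EXT_IF="eth0"
#OPEN_TCP="0:65535"
OPEN_TCP="22 25 80 443 993 995 3306"
OPEN_UDP=""
EOF

# SSH, SMTP, HTTP, HTTPS, IMAPS and POP3S, as chosen in the dialog above
intended_tcp="22 25 80 443 993 995"

echo "Unexpected:"; unexpected_ports "$sample" OPEN_TCP tcp "$intended_tcp"
echo "Missing:";    missing_ports    "$sample" OPEN_TCP tcp "$intended_tcp"
```

On a real system, pass the path of the file that holds your settings instead of the sample; entries written as port ranges are compared as literal strings, so review those by hand.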

