
Subject: FirewallD Tips
From: guest@retrobbs.rocksolidbbs.com (Guest)
Newsgroups: rocksolid.shared.i2p
Organization: Dancing elephants
Date: Fri, 21 Feb 2020 23:14 UTC
FirewallD Tips

Just let me say that if you are running nginx or Arch with BSD server or Gentoo with ZeroShell router... don't waste your time reading further.

This is for Linux people who use GUFW or UFW and their sense of self preservation screams HELP!  Even Parrot uses GUFW, a disgrace!

First just let me say that FirewallD is a complex dynamic firewall and it is not simple to learn.  You would expect that people that maintained i2p/d repos for Fedora (FirewallD is standard) for years would know better by now, but this is not the case.  I have not seen one done correctly yet,  just some dangerous junk.

I will use the instructions for Debian and remember these are just tips for i2p Java for a static configuration.

 You need to install:  firewalld, firewall-config, firewall-applet and python3-firewall.  sudo apt or synaptic or some other package manager is fine.
 To start the graphical configuration /usr/bin/firewall-config or click on the brick wall that appears in your menu.
  1. To make permanent changes you need to change from Runtime to Permanent and then from Option to Reload Firewall.  I suggest you do it after each change to make sure it saved.
  2. First change the default zone to Drop (Options -> Change Default Zone).  Reload firewall.
  3. Top Tab = Zones  Bottom Tab = Ports
 Add your i2p ports here:  123 UDP, Your router ports let's say 12345 UDP, 12345 TCP
  4. Top Tab = Zones  Bottom Tab = Source Ports
 Add your i2p ports 12345 UDP and 12345 TCP ports.
  5. Top Tab = Zones  Bottom Tab = Port Forwarding
 Add your ipv4 protocol ports Only to those specified by i2p Java.  Most maintainers do the whole range.
  6. Top Tab = Zones  Bottom Tab = Interface
 Add your interface (example eth0)
  7. Top Tab = Services  Bottom Tab = Ports
 Select NTP from the list and add UDP and TCP 123
  8. Top Tab = Services  Bottom Tab = Source Port
 Add your i2p ports 12345 UDP and 12345 TCP ports and 123 UDP


Posted on def3
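
A way to check that the changes from the post above were actually saved to the permanent configuration, as an added example that is not part of the original post: it audits a firewalld zone XML file (permanent zones live under /etc/firewalld/zones/) against the ports the post lists. The sample zone, the `audit_zone` helper and the 9000-31000 range entry are constructed for illustration; it assumes the interface binding is stored in the zone file rather than by NetworkManager.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a permanent zone file (e.g. /etc/firewalld/zones/drop.xml).
# 12345 is the post's placeholder port; the range entry is a deliberate mistake.
SAMPLE_ZONE = """<zone target="DROP">
  <short>Drop</short>
  <interface name="eth0"/>
  <port port="123" protocol="udp"/>
  <port port="12345" protocol="udp"/>
  <port port="12345" protocol="tcp"/>
  <port port="9000-31000" protocol="udp"/>
  <source-port port="12345" protocol="udp"/>
  <source-port port="12345" protocol="tcp"/>
</zone>"""

# Ports the post adds under Zones -> Ports (step 3).
EXPECTED = {("123", "udp"), ("12345", "udp"), ("12345", "tcp")}

def audit_zone(xml_text, expected_ports, expected_iface):
    """Return a list of findings; an empty list means the zone matches."""
    zone = ET.fromstring(xml_text)
    findings = []
    # Step 2: the zone in use should drop everything not explicitly allowed.
    if zone.get("target") != "DROP":
        findings.append("zone target is not DROP")
    # Step 6: the interface must be bound to this zone.
    ifaces = {i.get("name") for i in zone.findall("interface")}
    if expected_iface not in ifaces:
        findings.append(f"interface {expected_iface} not bound to zone")
    # Step 3: only the listed ports, and no whole ranges.
    opened = set()
    for p in zone.findall("port"):
        spec = (p.get("port"), p.get("protocol"))
        if "-" in spec[0]:
            findings.append(f"port range opened: {spec[0]}/{spec[1]}")
        opened.add(spec)
    for spec in sorted(opened - expected_ports):
        if "-" not in spec[0]:  # ranges were already reported above
            findings.append(f"unexpected port: {spec[0]}/{spec[1]}")
    for spec in sorted(expected_ports - opened):
        findings.append(f"missing port: {spec[0]}/{spec[1]}")
    return findings

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE, EXPECTED, "eth0"):
        print("FINDING:", finding)
```
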


Subject: Re: FirewallD Tips
From: AnonUser@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.i2p
Organization: Rocksolid Light
Date: Fri, 21 Feb 2020 23:23 UTC
Guest wrote:

FirewallD Tips

Just let me say that if you are running nginx or Arch with BSD server or Gentoo with ZeroShell router... don't waste your time reading further.

This is for Linux people who use GUFW or UFW and their sense of self preservation screams HELP!  Even Parrot uses GUFW, a disgrace!

First just let me say that FirewallD is a complex dynamic firewall and it is not simple to learn.  You would expect that people that maintained i2p/d repos for Fedora (FirewallD is standard) for years would know better by now, but this is not the case.  I have not seen one done correctly yet,  just some dangerous junk.

What makes firewalld a better choice than ufw? Aren't they both basically frontends for iptables?

--
Posted on Rocksolid Light
rslight.i2p


Subject: Re: FirewallD Tips
From: guest@retrobbs.rocksolidbbs.com (Guest)
Newsgroups: rocksolid.shared.i2p
Organization: Dancing elephants
Date: Sat, 22 Feb 2020 17:38 UTC
Firewalld is systemD.  It was released by Red Hat so that people will write dynamic configurations.  For i2p you can allow only the reseed servers at start and later configure based on needs.  That would be a lot of work.  They do have a site and you can search for comparisons.
Posted on def3


Subject: Re: FirewallD Tips
From: AnonUser@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.i2p
Organization: Rocksolid Light
Date: Sun, 23 Feb 2020 10:41 UTC
Guest wrote:

Firewalld is systemD. 

I already have too much systemd, thanks for the warning.

--
Posted on Rocksolid Light
rslight.i2p

