Iptables Firewall

Iptables is the Linux kernel's packet filter. It can control all traffic between the computer and the internet, and all traffic between the computer and other machines on the local network. Used as a firewall, it keeps unsolicited network traffic out of the computer.

Install Iptables

To use Iptables, you must Install it.

Basic Firewall

To start the basic firewall each time Tinycore is started, add

/usr/local/sbin/basic-firewall

to /opt/bootlocal.sh.

Before connecting to the internet, reboot so the firewall is running from the start. For the current session you can also run the script once by hand with sudo /usr/local/sbin/basic-firewall.

If you have persistent opt, the change to /opt/bootlocal.sh is kept across reboots. If you don't have persistent opt, you must Backup when shutting down Tinycore, or the change is lost.

This firewall is a sensible default for a single computer used at home: it accepts no unsolicited inbound connections at all.

Display Iptables Setup

To display the iptables setup, open the terminal and type

sudo iptables -vL

To display numeric values (port numbers and IP addresses, instead of names looked up from /etc/services and DNS), type

sudo iptables -vnL

How does it work?

Following is a simplified explanation (not a comprehensive one) of how the firewall works, for those not familiar with Iptables.

If you open the terminal and type one of the commands above, you will see the Iptables rules.

You will notice three headings, one for each chain of the filter table. Each shows the chain's default policy:

Chain INPUT (policy DROP)

Chain FORWARD (policy DROP)

Chain OUTPUT (policy ACCEPT)

A policy determines what happens to any packet that is not matched by one of the rules in that chain.

OUTPUT refers to anything sent from your computer. Notice the policy is ACCEPT. The OUTPUT chain has no other rules, so everything you send is allowed out.

FORWARD refers to anything routed through your computer to other machines, as happens when the computer acts as a router or gateway for a network. The policy is DROP, so nothing is passed on to other computers. This firewall is for a single computer; a firewall for a gateway would need different FORWARD rules.

INPUT refers to anything coming into your computer.

The INPUT chain has rules.

In the first rule, you will notice it says "lo." This rule is for loopback, the lo interface (127.0.0.1). Loopback traffic starts in your computer and finishes in your computer, but still passes through the firewall on the way. It is accepted. It is not a security threat, as it never arrives from the network.

In the second rule, you will see that anything "RELATED,ESTABLISHED" is accepted. These are connection-tracking states. ESTABLISHED means the packet belongs to a connection the kernel has already seen traffic for in both directions, in practice a reply to something your computer sent. For example, when you request a web page, the page comes back as part of the connection you opened, so it is accepted. RELATED means the packet belongs to a new connection that the kernel recognises as tied to an existing one, such as an ICMP error message about a connection you opened, or the data connection of an FTP session. Everything else arriving from the network is a NEW connection and is not matched by this rule.

Notice the third rule says "dpt:auth" or, with -n, "dpt:113" (destination port 113, which /etc/services names "auth"). Port 113 is the ident service (RFC 1413), which some servers query to ask who is connecting to them. Notice the target of this rule is REJECT rather than DROP.

What is the difference between DROP and REJECT? In both cases the packet is discarded and nothing enters your computer. When DROP is used, nothing is returned to the sender; the connection attempt simply times out. When REJECT is used, an error is returned to the sender (by default an ICMP port-unreachable message; for TCP a reset can be sent instead), so the sender knows immediately that the port is closed.

Either way the port stays closed: even if something on your computer were listening on port 113, nothing from outside could reach it, so the rule exposes no service to attackers or malware.

Why REJECT here rather than DROP? Some servers (IRC servers in particular, and some mail servers) send an ident query to port 113 of the connecting client before accepting its connection. If that query were silently dropped, the server would wait for a timeout before giving up, so connecting would take noticeably longer. With REJECT the server receives an immediate error and proceeds without the wait.

There are only three rules. What happens to anything else sent to your computer? This is where the INPUT chain's policy DROP comes in: anything not matched by one of the rules is dropped.

Some people refer to this firewall as putting the computer in stealth mode. Anything sent to your computer which you did not request is dropped without a reply. If malware were sent to your IP address, it would never be delivered. If someone scanned or probed your computer, nothing they sent would be answered, so they could not tell from the network that a computer is there (except for probes to port 113, which are answered with an error).
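The rule set walked through above, as an added example that is not the page's basic-firewall script and not Tiny Core's own code: a shell script that prints the iptables commands producing those rules (with a TCP reset as the reject message for port 113, which is my choice; the page's script may use the default ICMP message), together with a check that reads "iptables -S" output and confirms the three policies and the loopback and RELATED,ESTABLISHED rules are present. The open-host listing it contains is constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not the Tiny Core basic-firewall script. Nothing here changes
# the kernel's rules unless the printed commands are piped to sh as root.

# Print the rule set, one iptables command per line:
# - flush existing rules, then set the three default policies (anything not
#   matched by a rule is dropped on INPUT and FORWARD, accepted on OUTPUT)
# - accept loopback, and accept packets belonging to connections this host
#   opened (older scripts write "-m state --state RELATED,ESTABLISHED",
#   which means the same)
# - answer ident probes to port 113 with a TCP reset so the remote server
#   does not wait for a timeout; plain "-j REJECT" (ICMP port-unreachable)
#   is the default and also works. tcp-reset is an assumption of this
#   example, not necessarily what basic-firewall uses.
basic_firewall_rules() {
    cat <<'EOF'
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
EOF
}

# Check a rule listing in "iptables -S" format, read from stdin, for the
# shape described on this page. Returns 0 when the default policies are
# DROP/DROP/ACCEPT and the loopback and RELATED,ESTABLISHED accepts are
# present; otherwise prints each missing item and returns 1. This is the
# check to run after a reboot to confirm the firewall actually loaded.
check_firewall_listing() {
    listing=$(cat)
    rc=0
    for want in "-P INPUT DROP" "-P FORWARD DROP" "-P OUTPUT ACCEPT" \
                "-A INPUT -i lo -j ACCEPT" \
                "RELATED,ESTABLISHED -j ACCEPT"; do
        case "$listing" in
            *"$want"*) ;;
            *) echo "missing: $want"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample of "iptables -S" output from a host with no firewall
# (all policies ACCEPT, no rules), used only to show the check failing.
sample_open_listing() {
    printf '%s\n' "-P INPUT ACCEPT" "-P FORWARD ACCEPT" "-P OUTPUT ACCEPT"
}

# Usage: ./basic_firewall.sh                       print the rules
#        ./basic_firewall.sh | sudo sh             load them
#        sudo iptables -S | ./basic_firewall.sh --check
case "${1:-}" in
    --check) check_firewall_listing ;;
    "")      basic_firewall_rules ;;
esac
```

On a live system the two halves are meant to be used in sequence: load the rules, then pipe sudo iptables -S into the --check mode and expect no "missing:" lines. A port probe from another machine is the other useful confirmation: a TCP connection to port 113 should fail immediately (the reset), while connections to any other port should hang until the client gives up (the drop).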

Don't have anything which hackers could use on your computer

If you use this firewall in Tinycore, no unsolicited inbound traffic can reach the computer, which removes the most common avenue of remote attack. Outbound traffic, and anything that comes back in reply to it, is still allowed, so the firewall does not protect you from what you download and run.

However, hackers, and people writing malware, often look at existing security measures and try to find ways to get around them.

There is no such thing as a computer connected to the internet which can be guaranteed to be totally secure.

To be safe, don't keep anything on your computer which an attacker could use. For example, don't keep bank account details on it. If the data is not there, no compromise, however unlikely, can expose it.
