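# Install FireHOL (run as root).
apt-get install firehol
# Enable all the services and interfaces you need before generating the config.
# Keep a copy of any existing ruleset first: the redirect below truncates
# /etc/firehol/firehol.conf before the wizard has written a single line,
# so a failed or interrupted run would otherwise leave no config behind.
if [ -f /etc/firehol/firehol.conf ]; then
  cp -p /etc/firehol/firehol.conf /etc/firehol/firehol.conf.bak
fi
# Run this to automatically generate a config file or a template.
# Treat the output as a starting point to review, not as a finished ruleset.
firehol-wizard helpme >/etc/firehol/firehol.conf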
# look at /etc/firehol/firehol.conf
# take out all the comments, disable anything that you don't need
# this is what I have (a standalone server, with no computer behind me)
# I have ssh, asterisk, http running on my computer
# I allow people on my network to ping, sip, ssh, http me
# I allow people on internet to ssh, http, sip me
# --- Local network: packets on eth0 whose source is in 128.195.100.0/24 ---
# No "policy" line is given for this interface, so FireHOL's default
# interface policy applies (documented as drop; confirm for your version).
interface eth0 interface1 src "128.195.100.0/24"
# NOTE(review): ICMP accepts every ICMP type, which is broader than ping
# alone; FireHOL also ships a narrower "ping" service if echo is all you need.
server ICMP accept
server sip accept
server ssh accept
server http accept
# Outbound: this host may open any connection towards the local network.
client all accept
# --- Internet: same NIC, every source that is neither in FireHOL's
# UNROUTABLE_IPS list (reserved and private ranges) nor in the local range.
# Excluding UNROUTABLE_IPS means packets claiming such a source address do
# not match this interface at all.
interface eth0 interface2 src not "${UNROUTABLE_IPS} 128.195.100.0/24"
# Anything not explicitly accepted below is silently discarded.
policy drop
# server iax2 accept
# server ICMP accept
# sip and ssh are reachable from any internet address here. Both are
# routinely probed for weak credentials, so rely on key-based ssh logins and
# strong SIP secrets, and narrow the allowed sources if your peers are known.
server sip accept
server ssh accept
server http accept
# Outbound: this host may open any connection towards the internet.
client all accept
# nano /etc/default/firehol
# change no to yes
# (on Debian packages this is presumably the START_FIREHOL setting; confirm
# against the file itself)
# make sure it runs at startup
# NOTE: the link target is relative, so this only works when run from inside
# a runlevel directory (for example /etc/rc2.d; the page does not say which).
# Run from anywhere else it creates a dangling link and the firewall will
# not start at boot.
ln -s ../init.d/firehol S92firehol
# restart the service so the new rules are loaded
# NOTE(review): if you administer this host over ssh, a mistake in the rules
# can cut your own session. FireHOL's "try" mode (firehol try) applies the
# rules and restores the previous ones unless you confirm in time.
/etc/init.d/firehol restart
# go to this web site to port scan your computer
-----------------------------------------------------------------
View What Your Firewall Blocks
# Install fwanalog, which builds an HTML report from the firewall log.
apt-get install fwanalog
# open your browser as root
# NOTE(review): root is presumably needed only because the report under
# /var/log is not readable by your user. A browser running as root gives
# anything it loads full control of the system, so prefer copying the report
# to a user-readable location (or granting read access to it) and opening it
# as a normal user.
# go to /var/log/fwanalog/today.html
# you will see a beautiful report!