Ian Douglas wrote:
Hi Folks,
I am a newbie home based Linux user with dial-up access to the internet. Up until now, because of the small, infrequent, amount of time I am actually connected to the internet, I have simply been ensuring that I always log on as a normal user (rather than root) to protect my PC, however I have recently been wondering whether it would be wise to install some kind of protection for my PC. Looking in my little Linux text book it would appear that "ipchains" would probably be sufficient for my needs (rather than setting up a dedicated firewall), however, when I try to use ipchains I get the error message:
ipchains: Incompatible with this kernel.
The kernel I am using is 2.4.10 and I am wondering if this error message is hinting that ipchains has now been superseded. Is there a modern replacement for ipchains? If so then what is it and where could I find some info on setting it up to protect my PC?
The replacement (and enhancement) for ipchains is iptables, which is only supported in the 2.4 kernel or later. As usual, Linux >2.4 also supports ipchains, *but* the two can't run on the same box at the same time. It may be that you have iptables already installed. Try typing "iptables -L" and see what happens.
In truth, not only is iptables much more powerful (it's "stateful" for instance) but it's more complicated. One of the many advantages of the SuSE distro is that it comes with an easy-to-use tool called personal-firewall which is designed for just the scenario you describe. That said, a few hours reading on the net, and some fiddling about will produce a working firewall script which you can call from your ipup script.
I've done a fair bit of work on firewalls, and ALUG lists passim have a few examples. Shout if you need help.
Cheers, Laurie.