TCL 15.0 64bit... How to start and use Firewalld? (ie. How to set up Firewall?)

[lizardidi]

Good day, TCL Forumers!

In 32 bit TCL, we set up firewall using a scripts from iptables.tcz... How about TCL64? In 64 bit version, there is an extension named Firewalld. Upon downloading and loaded the extension, i tried to start Firewalld according to the instruction in tce-load:

sudo firewalld

An error occured which is dbus module not found.

So I start dbus with:

sudo /usr/local/etc/init.d/dbus start

Now dbus is running, but I still get the dbus not running error, and Firewalld is not starting.

Well, I must have done some steps wrong. The topic about Firewalld on this forum is scarce... Can someone shine some light for me regarding how to set up a proper firewall for basic home computing tasks. Found 2 results from google search about Firewalld for tinycore forum:

https://forum.tinycorelinux.net/index.php/topic,23732.15.html

https://forum.tinycorelinux.net/index.php/topic,21180.0.html


Both topics did not provide enough details to set up firewalld.

I would happily accept any other suggestions, other than firewalld, if there's other. A search for UFW in repo return negative result.

 

    [Edit]: Removed Google gobbledygook from first link. Removed redundant second link.  Rich
 

[curaga]

iptables works on all platforms?

[gadget42]

humble request to an admin/mod regarding a couple links above. could these be cleaned up(there is no need to have anything more than the direct forum thread urls). thanks.

[Rich]

Hi gadget42
Done.

[GNUser]

I would happily accept any other suggestions, other than firewalld, if there's other. A search for UFW in repo return negative result.

Hi lizardidi. I'm sure iptables.tcz is available in every TCL version. 64-bit repo also has nftables.tcz. I personally use nftables for firewall and am very happy with it.

[lizardidi]

I would happily accept any other suggestions, other than firewalld, if there's other. A search for UFW in repo return negative result.

Hi lizardidi. I'm sure iptables.tcz is available in every TCL version. 64-bit repo also has nftables.tcz. I personally use nftables for firewall and am very happy with it.

Thanks @GNUser!!!
Last week I tried iptables.tcz. Can I verify few important information:

After I tce-load -wi iptables.tcz (ie. load iptables on every boot), do I need to key in any command to start or activate the iptables rules?

When type "sudo iptables -L", I can see by default it applied a set of rules. Is this sufficient, or the correct way to setup a basic firewall?
Below are the command I typed:

sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT

sudo iptables -A INPUT -p icmp -j ACCEPT
sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

sudo iptables -A INPUT -p tcp -j REJECT --reject-with icmp-port-unreachable
sudo iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
sudo iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable

Below are my iptables output:

tc@box:~$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ES       TABLISHED
ACCEPT     all  --  anywhere             anywhere           
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-re       set
REJECT     udp  --  anywhere             anywhere             reject-with icmp-p       ort-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-p       roto-unreachable

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

Do I need to add these into /opt/bootlocal.sh to so they run on every boot?

[Rich]

Hi lizardidi
The 32 bit version of iptables includes a basic-firewall script
which for some reason was not included in the 64 bit version.

I've attached a copy. Maybe it will serve your needs, or you
could adapt it to meet your needs.

Save it to /usr/local/sbin/.
Then:

Code: [Select]

sudo chmod 755 /usr/local/sbin/basic-firewall
echo usr/local/sbin/basic-firewall >> /opt/.filetool.lst
filetool.sh -b
Those 3 steps:
1. Made the script executable.
2. Added the script to your backup list.
3. Backed up the script.

If you edit the script, run:

Code: [Select]

filetool.sh -bso your changes survive when you reboot.

[lizardidi]

Thanks @Rich!

Replace my iptable rules with the basic-firewall script, since both ChatGpt and Microsoft Copilot Ai agreed that the "basic" firewall will provide a solid protection for basic usage.