
Author Topic: TCL 15.0 64bit... How to start and use Firewalld? (ie. How to set up Firewall?)  (Read 464 times)

Offline lizardidi

  • Newbie
Good day, TCL Forumers!

In 32 bit TCL, we set up the firewall using a script from iptables.tcz... How about TCL64? In the 64 bit version, there is an extension named Firewalld. Upon downloading and loading the extension, I tried to start Firewalld according to the instruction in tce-load:
Quote
sudo firewalld
An error occurred, which is dbus module not found.

So I start dbus with:
Quote
sudo /usr/local/etc/init.d/dbus start

Now dbus is running, but I still get the dbus not running error, and Firewalld is not starting.

Well, I must have done some steps wrong. The topic about Firewalld on this forum is scarce... Can someone shine some light for me regarding how to set up a proper firewall for basic home computing tasks? Found 2 results from a Google search about Firewalld for the tinycore forum:

https://forum.tinycorelinux.net/index.php/topic,23732.15.html

https://forum.tinycorelinux.net/index.php/topic,21180.0.html


Both topics did not provide enough details to set up firewalld.

I would happily accept any other suggestions, other than firewalld, if there are others. A search for UFW in the repo returned a negative result.

 :D :D :D

    [Edit]: Removed Google gobbledygook from first link. Removed redundant second link.  Rich
 
« Last Edit: November 12, 2024, 08:25:39 AM by Rich »

Offline curaga

  • Administrator
  • Hero Member
iptables works on all platforms?
The only barriers that can stop you are the ones you create yourself.

Online gadget42

  • Hero Member
humble request to an admin/mod regarding a couple of links above. could these be cleaned up (there is no need to have anything more than the direct forum thread urls). thanks.
The fluctuation theorem has long been known for a sudden switch of the Hamiltonian of a classical system Z54 . For a quantum system with a Hamiltonian changing from... https://forum.tinycorelinux.net/index.php/topic,25972.msg166580.html#msg166580

Online Rich

  • Administrator
  • Hero Member
Hi gadget42
Done.

Offline GNUser

  • Wiki Author
  • Hero Member
Quote
I would happily accept any other suggestions, other than firewalld, if there are others. A search for UFW in the repo returned a negative result.

Hi lizardidi. I'm sure iptables.tcz is available in every TCL version. 64-bit repo also has nftables.tcz. I personally use nftables for firewall and am very happy with it.

Offline lizardidi

  • Newbie
Topic renamed to => How to set up Firewall for Tiny Core
« Reply #5 on: November 25, 2024, 10:51:01 PM »

Thanks @GNUser!!!
Last week I tried iptables.tcz. Can I verify a few important pieces of information:

After I tce-load -wi iptables.tcz (ie. load iptables on every boot), do I need to key in any command to start or activate the iptables rules?

When I type "sudo iptables -L", I can see by default it applied a set of rules. Is this sufficient, or the correct way to set up a basic firewall?
Below are the commands I typed:
Quote
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT

sudo iptables -A INPUT -p icmp -j ACCEPT
sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

sudo iptables -A INPUT -p tcp -j REJECT --reject-with icmp-port-unreachable
sudo iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
sudo iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable

Below is my iptables output:
Quote
tc@box:~$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-proto-unreachable

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

Do I need to add these into /opt/bootlocal.sh so they run on every boot?

« Last Edit: November 25, 2024, 10:55:03 PM by lizardidi »

Online Rich

  • Administrator
  • Hero Member
Hi lizardidi
The 32 bit version of iptables includes a basic-firewall script
which for some reason was not included in the 64 bit version.

I've attached a copy. Maybe it will serve your needs, or you
could adapt it to meet your needs.

Save it to /usr/local/sbin/.
Then:
Code: [Select]
sudo chmod 755 /usr/local/sbin/basic-firewall
echo usr/local/sbin/basic-firewall >> /opt/.filetool.lst
filetool.sh -b

Those 3 steps:
1. Made the script executable.
2. Added the script to your backup list.
3. Backed up the script.

If you edit the script, run:
Code: [Select]
filetool.sh -b
so your changes survive when you reboot.
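
An added example, not part of the thread and not the basic-firewall script attached above: a boot-time script that mirrors the rule listing posted earlier and then checks that the INPUT chain really ended up default-deny. The install path /usr/local/sbin/home-firewall, the function names, and reading the listing's bare "ACCEPT all" line as a loopback rule are assumptions.

```sh
#!/bin/sh
# Added example, not the basic-firewall script attached in the thread.
# Hypothetical install path: /usr/local/sbin/home-firewall
IPT="${IPT:-iptables}"

# IPT=dry_run prints the commands instead of running them.
dry_run() { echo "iptables $*"; }

apply_rules() {
    # Flush first so running the script twice never stacks duplicate rules.
    $IPT -F INPUT || return 1
    $IPT -F FORWARD || return 1
    # Default-deny inbound and forwarded traffic, allow outbound.
    $IPT -P INPUT DROP || return 1
    $IPT -P FORWARD DROP || return 1
    $IPT -P OUTPUT ACCEPT || return 1
    # Loopback only (assumed). Plain "iptables -L" hides the interface, so this
    # prints as "ACCEPT all -- anywhere anywhere"; -S or -L -v shows "-i lo".
    $IPT -A INPUT -i lo -j ACCEPT || return 1
    # Replies to connections this machine opened, then ping and ICMP errors.
    $IPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT || return 1
    $IPT -A INPUT -p icmp -j ACCEPT || return 1
    # Refuse the rest explicitly; the DROP policy stays as the backstop.
    $IPT -A INPUT -p tcp -j REJECT --reject-with tcp-reset || return 1
    $IPT -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable || return 1
    $IPT -A INPUT -j REJECT --reject-with icmp-proto-unreachable || return 1
}

# Reads "iptables -S INPUT" output on stdin. Succeeds only if the chain is
# default-deny and holds no ACCEPT rule without any match condition.
audit_input() {
    awk '
        $0 == "-P INPUT DROP"      { deny = 1 }
        $0 == "-A INPUT -j ACCEPT" { wide = 1 }
        END { exit !(deny && !wide) }
    '
}

# Touch the real firewall only when asked, e.g. from /opt/bootlocal.sh:
#   /usr/local/sbin/home-firewall apply
if [ "${1:-}" = "apply" ]; then
    apply_rules && $IPT -S INPUT | audit_input ||
        echo "home-firewall: INPUT chain is not in the expected state" >&2
fi
```

The three steps listed above (chmod, add to /opt/.filetool.lst, filetool.sh -b) apply to this file as well; /opt/bootlocal.sh runs as root at boot, so a line there calling the script with apply reloads the rules each time.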

Offline lizardidi

  • Newbie
Thanks @Rich!

Replaced my iptables rules with the basic-firewall script, since both ChatGPT and Microsoft Copilot AI agreed that the "basic" firewall will provide solid protection for basic usage.  ;D ;D ;D