Salix router?

Sasquatch
Posts: 155
Joined: 26. Mar 2014, 00:50

Salix router?

Post by Sasquatch »

I continue to be impressed by Salix's flexibility. This laptop has done just about everything from ordinary browsing and e-mail up to running Blender 3D modelling. Now I've almost finished configuring our living room PC into a Salix HTPC complete with MythTV and arcade emulator. So I've begun wondering about my plans for the home network. Rather than start from scratch with a specialized OS like PFsense could I just tweak Salix into being an effective firewall/router? Something with similar functionality to PFsense, a bit more sophisticated than just IP tables. I've seen the idea mentioned at least once here on the forum, somewhere. But I haven't seen any progress reports or anything that leads me to think the idea has been pursued very far.

I know there are distros like Kali and hardened Gentoo that specialize in security. So I know there are good Linux security options. How feasible is it to add some of that to Salix? Would it require a complete rebuild?

Of course, this would be a completely CLI version of Salix. So would it even still be Salix? How much can you take away from a distro before losing its identity? Still, the idea of having my entire network running what I consider to be the optimum Linux distro is quite appealing. Any thoughts? Any forums I should look at? Documentation I should read?
maximus
Posts: 141
Joined: 2. Sep 2009, 01:41

Re: Salix router?

Post by maximus »

Sasquatch wrote: could I just tweak Salix into being an effective firewall/router?
Short answer: yes

Long answer: You'd want to do a core install. Yes it's still Salix (salix init scripts, salix tools, etc).

I'm still running 14.1, but I'm guessing 14.2 should look pretty similar if you do:

Code:

$ spi --search firewall
Available packages:
gufw [Not installed]: gufw (GUI for ufw)
iptables [Installed]: iptables (IP packet filter administration)
nmap [Installed]: nmap (network scanner)
ufw [Not installed]: ufw (uncomplicated firewall)

Available SlackBuilds:
arno-iptables-firewall [Not installed]: arno-iptables-firewall (front-end for iptables)
firehol [Not installed]: firehol (An easy to use but powerfull iptables stateful firewall)
fwbuilder [Not installed]: fwbuilder (Firewall creation utility)
gui-ufw [Not installed]: gui-ufw (GUI for Uncomplicated Firewall)
modsecurity-apache [Not installed]: ModSecurity for Apache (a web application firewall)
pgl [Not installed]: PeerGuardian (Privacy-oriented Firewall Application)
shorewall [Not installed]: Shorewall (IPv4 support package for the Shoreline Firewall)
shorewall6 [Not installed]: Shorewall6 (IPv6 support package for the Shoreline Firewall)

You could just write the iptables script yourself, if learning how it all works down to the nitty gritty interests you. From the repos I see ufw, which is a frontend for iptables. From SlackBuilds we have some more options; there are several iptables frontends: firehol, shorewall, arno-iptables-firewall. There's also fwbuilder, which lets you configure an iptables script offline using a GUI, which you can then upload to the machine you want to run it on.

With the options presented, the closest solution to pfsense/opnsense I can see would be a combination of shorewall+webmin.

As far as hardening is concerned, I think you're looking at a lot of work + the requirement of in-depth knowledge. I'd be happy to be proven wrong however!
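
The "write the iptables script yourself" option from the post above, as an added example that is not part of the thread: a shell function that emits an iptables-restore ruleset for a default-deny, stateful NAT router. The helper name gen_router_rules and the interface names eth0 (WAN) and eth1 (LAN) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a small NAT router.
# Interface names are assumptions; gen_router_rules is a hypothetical helper.

gen_router_rules() {
    wan="$1"; lan="$2"
    # Accept only plain interface names so nothing else can land in a rule.
    for ifc in "$wan" "$lan"; do
        case "$ifc" in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: '$ifc'" >&2; return 1 ;;
        esac
    done
    if [ "$wan" = "$lan" ]; then
        echo "WAN and LAN must be different interfaces" >&2; return 1
    fi
    cat <<EOF
*filter
# Default-deny for traffic to the router and through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the router or the LAN started.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Management (SSH) is reachable from the LAN side only.
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
# New connections may only go LAN -> WAN, never WAN -> LAN.
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Hide LAN addresses behind the WAN address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for review; defaults eth0 (WAN) and eth1 (LAN) are assumed.
# Load it as root by piping this script's output into iptables-restore.
# Routing also needs: sysctl -w net.ipv4.ip_forward=1
gen_router_rules "${1:-eth0}" "${2:-eth1}"
```

Reviewing the printed ruleset before piping it into iptables-restore avoids locking yourself out of a headless box, since the INPUT policy is DROP and SSH is allowed from the LAN interface only.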
Sasquatch
Posts: 155
Joined: 26. Mar 2014, 00:50

Re: Salix router?

Post by Sasquatch »

Definitely looks possible. I'll have to do a lot more studying on networking first. So much to learn. I think I'll end up with a whole section of my library devoted to just IT books. But I'm having fun. :D
mimosa
Salix Warrior
Posts: 3311
Joined: 25. May 2010, 17:02

Re: Salix router?

Post by mimosa »

My 14.2 package for ufw doesn't seem to have been uploaded to the repositories, but can be found here:

http://people.salixos.org/mimosa/packages/ufw/0.35/

Download according to your architecture and install with spkg, e.g.

Code:

sudo spkg ufw-0.35-x86_64-1tjb.txz  
Sasquatch
Posts: 155
Joined: 26. Mar 2014, 00:50

Re: Salix router?

Post by Sasquatch »

mimosa wrote: My 14.2 package for ufw doesn't seem to have been uploaded to the repositories, but can be found here:

http://people.salixos.org/mimosa/packages/ufw/0.35/

Download according to your architecture and install with spkg, e.g.

Code:

sudo spkg ufw-0.35-x86_64-1tjb.txz  

What's the difference between that and the package I see with slapt-get?

Code:

slapt-get --search ufw
gui-ufw-12.04.1-x86_64-1salix [inst=no]: gui-ufw (GUI for Uncomplicated Firewall)
kcm_ufw-0.4.3-x86_64-1salix [inst=no]: kcm_ufw (KDE Control Module for UFW)
ufw-0.35-x86_64-1salix [inst=no]: IS FILE:
mimosa
Salix Warrior
Posts: 3311
Joined: 25. May 2010, 17:02

Re: Salix router?

Post by mimosa »

My bad, it obviously is there. I am using 14.1 at the moment, so checked indirectly.

EDIT: unless that salix1 thing means our new extra repository of prebuilt packages from SBo ... in either case, you can install it and it should work.
Sasquatch
Posts: 155
Joined: 26. Mar 2014, 00:50

Re: Salix router?

Post by Sasquatch »

Holy mackerel! That was the quickest install I've ever seen. I thought something went wrong. But it seems to work.

Code:

$ ufw --help

Usage: ufw COMMAND

Commands:
 enable                          enables the firewall
 disable                         disables the firewall
 default ARG                     set default policy
 logging LEVEL                   set logging to LEVEL
 allow ARGS                      add allow rule
 deny ARGS                       add deny rule
 reject ARGS                     add reject rule
 limit ARGS                      add limit rule
 delete RULE|NUM                 delete RULE
 insert NUM RULE                 insert RULE at NUM
 route RULE                      add route RULE
 route delete RULE|NUM           delete route RULE
 route insert NUM RULE           insert route RULE at NUM
 reload                          reload firewall
 reset                           reset firewall
 status                          show firewall status
 status numbered                 show firewall status as numbered list of RULES
 status verbose                  show verbose firewall status
 show ARG                        show firewall report
 version                         display version information

Application profile commands:
 app list                        list application profiles
 app info PROFILE                show information on PROFILE
 app update PROFILE              update PROFILE
 app default ARG                 set default application policy

I'll have to check out other documentation to fully understand exactly what it does. I'm only vaguely aware of the very basics of networking. I need to get a book or three on the subject.