I continue to be impressed by Salix's flexibility. This laptop has done just about everything from ordinary browsing and e-mail up to running Blender 3D modelling. Now I've almost finished configuring our living room PC into a Salix HTPC complete with MythTV and arcade emulator. So I've begun wondering about my plans for the home network. Rather than start from scratch with a specialized OS like PFsense could I just tweak Salix into being an effective firewall/router? Something with similar functionality to PFsense, a bit more sophisticated than just IP tables. I've seen the idea mentioned at least once here on the forum, somewhere. But I haven't seen any progress reports or anything that leads me to think the idea has been pursued very far.
I know there are distros like Kali and hardened Gentoo that specialize in security. So I know there are good Linux security options. How feasible is it to add some of that to Salix? Would it require a complete rebuild?
Of course, this would be a completely CLI version of Salix. So would it even still be Salix? How much can you take away from a distro before losing its identity? Still, the idea of having my entire network running what I consider to be the optimum Linux distro is quite appealing. Any thoughts? Any forums I should look at? Documentation I should read?
Salix router?
Re: Salix router?
Short answer: yesSasquatch wrote:could I just tweak Salix into being an effective firewall/router?
Long answer: You'd want to do a core install. Yes it's still Salix (salix init scripts, salix tools, etc).
I'm still running 14.1, but I'm guessing 14.2 should look pretty similar if you do:
Code: Select all
$ spi --search firewall
Available packages:
gufw [Not installed]: gufw (GUI for ufw)
iptables [Installed]: iptables (IP packet filter administration)
nmap [Installed]: nmap (network scanner)
ufw [Not installed]: ufw (uncomplicated firewall)
Available SlackBuilds:
arno-iptables-firewall [Not installed]: arno-iptables-firewall (front-end for iptables)
firehol [Not installed]: firehol (An easy to use but powerfull iptables stateful firewall)
fwbuilder [Not installed]: fwbuilder (Firewall creation utility)
gui-ufw [Not installed]: gui-ufw (GUI for Uncomplicated Firewall)
modsecurity-apache [Not installed]: ModSecurity for Apache (a web application firewall)
pgl [Not installed]: PeerGuardian (Privacy-oriented Firewall Application)
shorewall [Not installed]: Shorewall (IPv4 support package for the Shoreline Firewall)
shorewall6 [Not installed]: Shorewall6 (IPv6 support package for the Shoreline Firewall)
With the options presented, the closest solution to pfsense/opnsense I can see would be a combination of shorewall+webmin.
As far as hardening is concerned, I think you're looking at lot of work + the requirement of in-depth knowledge. I'd be happy to be proven wrong however!
Re: Salix router?
Definitely looks possible. I'll have to do a lot more studying on networking first. So much to learn. I think I'll end up with a whole section of my library devoted to just IT books. But I'm having fun.
Re: Salix router?
My 14.2 package for ufw doesn't seem to have been uploaded to the repositories, but can be found here:
http://people.salixos.org/mimosa/packages/ufw/0.35/
Download according to your architecture and install with spkg, e.g.
http://people.salixos.org/mimosa/packages/ufw/0.35/
Download according to your architecture and install with spkg, e.g.
Code: Select all
sudo spkg ufw-0.35-x86_64-1tjb.txz
Re: Salix router?
What's the difference between that and the package I see with slapt-get?mimosa wrote:My 14.2 package for ufw doesn't seem to have been uploaded to the repositories, but can be found here:
http://people.salixos.org/mimosa/packages/ufw/0.35/
Download according to your architecture and install with spkg, e.g.
Code: Select all
sudo spkg ufw-0.35-x86_64-1tjb.txz
Code: Select all
slapt-get --search ufw
gui-ufw-12.04.1-x86_64-1salix [inst=no]: gui-ufw (GUI for Uncomplicated Firewall)
kcm_ufw-0.4.3-x86_64-1salix [inst=no]: kcm_ufw (KDE Control Module for UFW)
ufw-0.35-x86_64-1salix [inst=no]: IS FILE:
Re: Salix router?
My bad, it obviously is there. I am using 14.1 at the moment, so checked indirectly.
EDIT unless that salix1 thing means our new extra repository of prebuilt packages from SBo ... in either case, you can install it and it should work.
EDIT unless that salix1 thing means our new extra repository of prebuilt packages from SBo ... in either case, you can install it and it should work.
Re: Salix router?
Holy mackerel! That was the quickest install I've ever seen. I thought something went wrong. But it seems to work.
I'll have to check out other documentation to fully understand exactly what it does. I'm only vaguely aware of the very basics of networking. I need to get a book or three on the subject.
Code: Select all
$ ufw --help
Usage: ufw COMMAND
Commands:
enable enables the firewall
disable disables the firewall
default ARG set default policy
logging LEVEL set logging to LEVEL
allow ARGS add allow rule
deny ARGS add deny rule
reject ARGS add reject rule
limit ARGS add limit rule
delete RULE|NUM delete RULE
insert NUM RULE insert RULE at NUM
route RULE add route RULE
route delete RULE|NUM delete route RULE
route insert NUM RULE insert route RULE at NUM
reload reload firewall
reset reset firewall
status show firewall status
status numbered show firewall status as numbered list of RULES
status verbose show verbose firewall status
show ARG show firewall report
version display version information
Application profile commands:
app list list application profiles
app info PROFILE show information on PROFILE
app update PROFILE update PROFILE
app default ARG set default application policy