https://wiki.ipfire.org/optimization/st ... ardening #
(Many thanks to the author of the hardening guide: viewtopic.php?f=27&t=15151&start=30)
What I have done (all of this works fine only if the Firewall Options are FORWARD=Allowed and OUTGOING=Allowed):
- Installed the Tor add-on (https://wiki.ipfire.org/addons/tor/client)
- Blocked all DNS traffic except through IPFire's DNS proxy: I have blocked all DNS from GREEN to RED and I set the IPFire IP as the DNS server in the setup. (https://wiki.ipfire.org/configuration/firewall/dns)
- Installed the Guardian 2.0 add-on (https://wiki.ipfire.org/addons/guardian/start)
- I don't use the Intrusion Detection System or URL filter because I think my IPFire hardware (Raspberry Pi) does not have enough resources for this. Does anyone know if there is open-source hardware that is not affected by Spectre or Meltdown and that has a hardware random number generator (HWRNG) supported by IPFire? (https://wiki.ipfire.org/hardware/rng)
The questions:
- When the Firewall Options are set to FORWARD=Blocked and OUTGOING=Blocked, which rules have to be created for internet access and a mail program? I think I first have to allow the PC (the IP or MAC address of this PC) access to RED. I heard I have to add many rules for Pakfire, DNS and the time server when OUTGOING=Blocked? (viewtopic.php?t=12587) I don't know which services or ports I have to allow. I found a thread (viewtopic.php?t=15334), but it did not help me.
- I don't know how to change the default “admin” account in IPFire to a different username which will not be obvious to an attacker.
- Is it all right to disable root SSH access in the web UI, or should SSH be disabled by adding an entry to the /etc/ssh/sshd_config configuration file?
- What if I use IPFire as an ADSL modem or behind a modem or router? I think the firewall rules must be different?
- I don't know how to send syslog messages to another server.
- I heard some changes are only effective after a reboot. For which changes does IPFire have to be restarted?
Thanks in advance for your help.
