First start up Guarddog. For recent Mandrake and Redhat systems there should be a Guarddog entry on the K menu under Configuration/Networking. You will then immediately be asked for the root password. This is needed because Guarddog needs administrator access in order to modify the system's networking sub-system.
Once Guarddog has opened its window you will notice that it is split across three tabs. The first tab, 'General', lets you set up general information about your system and how you want the firewall to behave. 'Client Protocols' and 'Server Protocols' allow you to specify which kinds of network protocols, or programs if you like, are allowed on your system.
On the 'General' tab the first thing to set is your internet connection. Guarddog needs to know how your system is connected to the internet. If you use a dialup phone connection, chances are that this should be set to 'ppp0'. If you are connected directly to a Local Area Network, your connection is probably 'eth0'. If you are connecting via a cable modem or DSL, it's also probably 'eth0'.
"Packet Blocking" lets you set what the system should do when it stops unwanted network traffic. (Note: Data on a network is sent in smaller chunks called 'packets'.) This can be set to either 'DENY' or 'REJECT'. 'DENY' means that the network sub-system just blocks the packet and forgets about it. 'REJECT' means that it blocks an unwanted packet but also sends back a message to the sender saying what has happened. Of the two methods, 'REJECT' is the friendlier one as it informs the sender, while with 'DENY' the sender hears nothing back and is left in the dark. We are not interested in being friendly to strangers, so I recommend 'DENY'. 'DENY' is preferable because it slows down an attacker who is probing your system. Since they don't know what is happening to their probe packets, they have no choice but to wait for a response before giving up.
"Log Blocked Packets" simply controls whether Linux should write an entry to the system log whenever a packet is blocked. Best to keep this checked.
"Allow Ping Replies" controls whether your system should respond to 'ping' packets. Ping is a utility for finding out if a machine on the net is alive. It sends a 'ping' packet to a machine and the machine is meant to reply. I personally don't think there is much harm in allowing ping. Being able to find out if a machine is alive and running is quite useful. Turn this off if you are particularly paranoid. The next option, "Log Ping", lets you turn logging for ping requests on and off.
On to the "Client Protocols" tab. Now I must explain what a protocol is. Networks are all about computers talking to other computers. Like when talking to another person in the Real World(tm), it helps if you both agree to speak the same language, be it English, Dutch or Sign Language. Same thing for computers: they need to agree on what language they are going to speak when talking to another computer. The difference between computer protocols and my previous example is that protocols are usually only intended for one particular task like moving files (FTP), fetching web pages (HTTP) or chatting with other computer users (IRC). The "Client Protocols" tab lets you specify which protocols your computer is allowed to use. For a simple setup that lets you browse the web and use email, make sure the following are turned on:
You've probably gotten curious by now and also had a look at the "Server Protocols" tab and noticed that it looks the same as the "Client Protocols" tab. Most protocols use what is known as a Client-Server model, where one computer acts as a 'client' receiving service from another acting as a 'server'. When you browse the web your computer is acting as a client fetching pages from the web site which serves you. The "Client Protocols" tab lets you specify which protocols your computer is allowed to use when it is acting as the client. The "Server Protocols" tab lets you specify which protocols your computer is allowed to use when it is the server. Now, unless you really know what you are doing, I strongly recommend that you *not* turn any of these protocols on. Doing so could really open up your machine to attack.
Everything should be set up now. Click on 'Apply' and your changes will become active. Before you close Guarddog, start up your web browser and see if you can still get to the outside world. Now is a good time to see if other protocols that you use, like ICQ and IRC, are still working. Once you are happy that things are working, we just have to save the configuration script somewhere so that the system knows to use it. Go to the "File" menu and hit "Save As...". If you are using a recent Mandrake release you should save to '/etc/rc.d/rc.firewall'. From now on, whenever your system boots it will automatically run and set up your firewall. Use the 'Ok' button to save the current firewall, apply it and exit Guarddog.
Done. Now was that hard? :-)