Re: Hardening a firewall box

To: Dirk Eddelbuettel <edd@debian.org>
Cc: debian-firewall@lists.debian.org
Subject: Re: Hardening a firewall box
From: Tim Sailer <sailer@sailer.itd.bnl.gov>
Date: Sat, 8 Jan 2000 22:01:11 -0500
Message-id: <[🔎] 20000108220111.A22915@sailer.itd.bnl.gov>
In-reply-to: <[🔎] 14455.57090.621286.79424@sonny.nulle.part>; from edd@debian.org on Sat, Jan 08, 2000 at 08:19:14PM -0500
References: <[🔎] 14455.57090.621286.79424@sonny.nulle.part>

On Sat, Jan 08, 2000 at 08:19:14PM -0500, Dirk Eddelbuettel wrote:
> -- do we have a basic "hardening howto" document ?

Not yet. :)
I'm in the process of building up a set of proxies for our firewall,
and I will document what all I did to help harden the boxen.

> -- how do keep services like time, talk, ... accessible "inside" (ie on eth1
> on 192.168.1.*) but _not_ to the outside world on eth0 ?

I'm not sure, but doesn't xinetd allow binding to different addresses?
Or, you can make a set of ipchain rules to do this...

Tim

-- 
 (work) sailer@bnl.gov / (home) tps@buoy.com - http://www.buoy.com/~tps
     "It's easy to make a buck. It's a lot tougher to make a difference."
        - Tom Brokaw
** Disclaimer: My views/comments/beliefs, as strange as they are, are my own.**

Reply to:

References:
- Hardening a firewall box
  - From: Dirk Eddelbuettel <edd@debian.org>

Prev by Date: Re: Hardening a firewall box
Next by Date: Problems with ICQ over ipchains NAT?
Previous by thread: Re: Hardening a firewall box
Next by thread: Re: Hardening a firewall box
Index(es):
- Date
- Thread