
Re: Searching for an appropriate iptables script

On Thu, Feb 07, 2002 at 03:16:41AM -0500, Jeff Bonner wrote:

> I would like some input as to which script(s) the reader considers the
> most secure vs ease of use.  The one I'm leaning towards is Monmotha's
> [http://monmotha.mplug.org/firewall/firewall/2.3/rc.firewall-2.3.8-pre4].
> It seems to satisfy my desire for all-out security paranoia, while still
> being simple to configure.

You might also want to look at the 'ferm' package. It even has an example
script which does the same as the monmotha script, and it's in a more
maintainable format IMHO than a 'normal' script, plus if/when the successor
to iptables comes out, ferm will most likely update to support it without you
needing to change your definitions [1].

> I also experimented with FWBuilder [http://www.fwbuilder.org] which is
> available directly as a .deb package.  While it looks very capable, I'd
> essentially have to design the firewall from scratch.  Since I might
> miss something, I've ruled this out.

If you're worried about missing stuff out, you could start with a firewall
that defaults everything to DROP and go from there... At least then if you've
missed something out, it's going to be blocking the packets, not letting them



[1] much[2]
[2] probably
/* Gareth Bowker                     |  tgb96@aber.ac.uk
   Space Robotics Team               |  http://users.aber.ac.uk/tgb96/
   University of Wales, Aberystwyth  |  +44 1970 62 2450               */
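A minimal default-DROP ruleset of the kind the reply suggests, as an added example; it is not code from the post, nor from the monmotha or ferm scripts. The SSH port and the DRY_RUN switch are assumptions of mine, so the commands can be reviewed on a machine without iptables before being loaded.

```shell
#!/bin/sh
# Added example (not from the post or the monmotha/ferm scripts): a minimal
# default-DROP iptables ruleset. SSH_PORT and DRY_RUN are assumptions; with
# DRY_RUN=1 the commands are printed, not executed, for review without iptables.

IPT=${IPT:-iptables}
SSH_PORT=${SSH_PORT:-22}   # constructed placeholder: the one inbound service
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

apply_default_drop() {
    # Flush, then set every built-in chain to DROP: nothing passes unless allowed below.
    run -F
    run -X
    run -P INPUT DROP
    run -P FORWARD DROP
    run -P OUTPUT DROP

    # Loopback must be allowed or local services break.
    run -A INPUT -i lo -j ACCEPT
    run -A OUTPUT -o lo -j ACCEPT

    # Stateful: accept replies to connections this host opened; let it open new ones.
    run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # The only explicit hole in INPUT: new TCP connections to SSH.
    run -A INPUT -p tcp --dport "$SSH_PORT" --syn -m state --state NEW -j ACCEPT

    # Log (rate limited) what falls through to the DROP policy.
    run -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "
}

# Number of -A rules the script would add; handy when reviewing a dry run.
rule_count() {
    ( DRY_RUN=1; apply_default_drop ) | grep -c ' -A '
}

# Dry run by default; pass --apply to really load the rules (needs root).
if [ "${1:-}" = "--apply" ]; then
    apply_default_drop
else
    ( DRY_RUN=1; apply_default_drop )
fi
```

Review the printed commands first; anything you forgot to allow shows up in the LOG line rather than getting through.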
