Re: My first firewall

To: debian-firewall@lists.debian.org
Subject: Re: My first firewall
From: Frederik Schueler <fs@lowpingbastards.de>
Date: Tue, 21 May 2002 23:39:28 +0200
Message-id: <[🔎] 20020521213928.GB954@lowpingbastards.de>
In-reply-to: <-9Jo-C.A.M_G.VQq68@murphy>
References: <[🔎] 000901c200db$ee3f9f60$6600a8c0@jamesdesktop> <-9Jo-C.A.M_G.VQq68@murphy>

On Wed, May 22, 2002 at 01:54:10AM +0600, nishan wrote:
> some intrusion detection:
> build as much in module format as you can and don't keep modules that you 
> don't need.

I would rather suggest deactivating modules at all, just to avoid possible
LKM root-kits. 

And make sure no compiler or linux sources are left on the system
after it goes into production ;)

If it should be just a firewall, I think the only open port should be
ssh (restricted to certain hosts or just to the IP of your workstation).

BTW, getting a 2.4.x kernel running on potato implies upgrading some
stuff, at least modutils (not needed if you go without modules).

have a nice day
Frederik Schüler

-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- RE: My first firewall
  - From: James <james@james-web.net>
- Re: My first firewall
  - From: nishan <nishan@t3.com>

Prev by Date: Re: My first firewall
Next by Date: Re: Please critique my iptables-based firewall
Previous by thread: Re: My first firewall
Next by thread: Debian version of the Sentry firewall CD?
Index(es):
- Date
- Thread