Re: What is a good firewall tool?
Well, I just re-set up my firewall; actually I'm still in the
process of adding things to it as time progresses.
First off, my opinion on GUI firewalls: you're adding
more processes to a firewall than what is needed. A
true firewall should have the least amount of processes
installed/running on it all the time.
What I'd suggest is to make a really simple script like I
did.
You first want to make your policy drop everything by
default; that will make it look like it's not online,
i.e.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
Then you want to enable special ports you want to
allow in, i.e.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
That will allow ssh into it.
Then you allow things like ESTABLISHED,RELATED connections
etc., any other ports, you enable ip_forward if it's a
gateway, and do the POSTROUTING cmd in many firewalls
etc.
It's actually quite simple.
--- Roberto Sanchez <rcsanchez97@yahoo.es> wrote:
> Greetings list,
>
> I have a firewall/router box (Pentium Pro 200 w/128
> MB RAM) running Woody with
> a 2.4.20 kernel. I am currently using Firestarter
> (since it has a pretty easy
> to use GUI and wizard) to build my firewall for me.
> My question is what is the
> best tool to build firewalls with (aside from
> actually learning iptables, which
> I don't have time for)?
Use nmap,
a very good program to port scan.
> Also, how do I find out how secure my firewall is?
> Do I wait and hope I don't
> get broken into?
>
> Any suggestions would be much appreciated.
>
> -Roberto Sanchez
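
The steps from this message put together as one script, as an added example that is not part of the original post. The interface names (eth0 for the internet side, eth1 for the LAN), the loopback rules, the initial flush and the dry-run IPT variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example: default-drop gateway ruleset following the steps in the post.
# Assumptions (not from the post): eth0 faces the internet, eth1 faces the LAN.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
# Dry run by default: rules are printed, not applied.
# Run as root with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"

build_firewall() {
    # Start from a clean state so re-running the script does not stack rules.
    $IPT -F
    $IPT -t nat -F

    # Default policy: drop everything not explicitly allowed below.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    # Local services talk to each other over loopback.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Packets belonging to connections that were already allowed, in every
    # chain. With OUTPUT set to DROP, the box's own replies to ssh clients
    # would be dropped without the OUTPUT rule.
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    done

    # Inbound ssh to the firewall itself.
    $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Gateway part: new connections only from the LAN outwards, then NAT.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -m state --state NEW -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

enable_forwarding() {
    # The post's ip_forward step; needs root, so it is skipped in a dry run.
    [ "$IPT" = "iptables" ] && echo 1 > /proc/sys/net/ipv4/ip_forward
    return 0
}

build_firewall
enable_forwarding
```

With the OUTPUT policy at DROP, the firewall cannot open connections of its own (DNS lookups, package updates) until matching OUTPUT rules are added.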