
Re: What is a good firewall tool?

Well, I just re-setup my firewall, actually still in the
process of adding things to it as time progresses.

First off, my opinion on GUI firewalls: you're adding
more processes to a firewall than what is needed.  A
true firewall should have the least amount of processes
installed/running on it all the time.

What I'd suggest is make a really simple script like I

You first want to make your policy drop everything by
default; that will make it like it's not online.


iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

Then you want to enable special ports you want to
allow in, i.e.

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

That will allow ssh into it.

Then you allow like ESTABLISHED,RELATED connections
etc., any other ports, you enable ip_forward if it's a
gateway, and do the POSTROUTING cmd in many firewalls.

It's actually quite simple.

--- Roberto Sanchez <rcsanchez97@yahoo.es> wrote:
> Greetings list,
> I have a firewall/router box (Pentium Pro 200 w/128
> MB RAM) running Woody with
> a 2.4.20 kernel.  I am currently using Firestarter
> (since it has a pretty easy
> to use GUI and wizard) to build my firewall for me. 
> My question is what is the
> best tool to build firewalls with (aside from
> actually learning iptables, which
> I don't have time for)?

Use nmap.

A very good program to port scan.

> Also, how do I find out how secure my firewall is? 
> Do I wait and hope I don't
> get broken into?
> Any suggestions would be much appreciated.
> -Roberto Sanchez

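The steps from the reply above (default-drop policies, SSH in, ESTABLISHED,RELATED, ip_forward, POSTROUTING) written out as one script. This is an added example, not part of the original message. The interface names eth0/eth1, the MASQUERADE target for the POSTROUTING step, and the loopback and outbound rules are assumptions. The rules are loaded with iptables-restore, which commits each table in one step, so the DROP policies never take effect without the ACCEPT rules beside them.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for a small gateway.
# Usage: script.sh apply [WAN_IF] [LAN_IF]   (interface names are assumptions)

build_ruleset() {
    wan_if=${1:-eth0}   # assumed Internet-facing interface
    lan_if=${2:-eth1}   # assumed internal interface
    cat <<EOF
*filter
# Default policies: drop everything, as in the message.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback traffic for local services.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections that are already tracked.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# New inbound SSH only.
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# With OUTPUT at DROP, even SSH replies need an explicit rule.
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Gateway: inside hosts may open connections out, only replies come back.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# The POSTROUTING step: hide inside hosts behind the outside address.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Touch the running firewall only when asked to (needs root).
if [ "${1:-}" = "apply" ]; then
    build_ruleset "${2:-eth0}" "${3:-eth1}" | iptables-restore || exit 1
    # Forwarding is a kernel switch, separate from the rules above.
    echo 1 > /proc/sys/net/ipv4/ip_forward
fi
```

Without the "apply" argument the script changes nothing; calling build_ruleset on its own prints the rules for review.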