Re: Firewall Recommendations

On Mon, 22 Mar 2004, Wm G. McGrath wrote:
> We are thinking about replacing our current small office firewall
> with something more substantial and reliable. What are the current
> debian/iptables based favourites? I'd like to get a good idea of
> where to start reading. All suggestions welcome.

I use, and recommend, the 'firehol' package.  You can find it in testing
and unstable, or at <http://firehol.sf.net/>, and it is trivial to
back-port since it has no significant dependencies other than bash, awk
and iptables.

The illustrative examples on the first page of the website probably show
you all you need to know in terms of building the firewall for your
office, though YMMV of course. :)

If you are looking for general recommendations, make sure whatever
package you use doesn't allow *anything* unless you tell it to do so.

Many of the canned scripts seem to know what you want, especially in
terms of "allow any client to do anything", which is often a mistake in
these virus-filled days, at least on Windows networks. :)
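
An added example, not part of the original message and not firehol's own code: one way to check the "doesn't allow *anything* unless you tell it to" property on the ruleset a firewall package generates, by auditing `iptables-save` text. The function and sample names are hypothetical, the sample rulesets are constructed, and only the filter table's INPUT and FORWARD chains are checked.

```shell
# Audit iptables-save text on stdin: do INPUT and FORWARD deny by default?
# Prints one FAIL line per finding; returns 1 if there is any finding.
audit_default_deny() {
    awk '
    /^\*/ { table = substr($0, 2); next }      # table header, e.g. *filter
    table != "filter" { next }
    /^:/ { policy[substr($1, 2)] = $2; next }  # e.g. :INPUT DROP [0:0]
    /^-A / {
        chain = $2
        bare = ($3 == "-j")            # target directly after chain: matches everything
        last[chain] = bare ? $4 : ""   # target of a trailing catch-all rule, if any
        if (bare && $4 == "ACCEPT" && (chain == "INPUT" || chain == "FORWARD")) {
            printf "FAIL %s: unconditional ACCEPT rule\n", chain; bad++
        }
    }
    END {
        n = split("INPUT FORWARD", want, " ")
        for (i = 1; i <= n; i++) {
            c = want[i]; p = (c in policy) ? policy[c] : "missing"
            if (p == "DROP" || last[c] == "DROP" || last[c] == "REJECT") continue
            printf "FAIL %s: policy %s, no final catch-all DROP/REJECT\n", c, p; bad++
        }
        exit (bad > 0)
    }'
}

# Constructed sample: a canned ruleset in the "allow anything" style.
permissive_rules() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j ACCEPT
COMMIT
EOF
}
# Constructed sample: nothing passes unless a rule names it.
strict_rules() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
strict_rules | audit_default_deny && echo "strict sample: default-deny"
permissive_rules | audit_default_deny || echo "permissive sample: allows traffic by default"
```

On a live host the same check is `iptables-save | audit_default_deny`, run as root after the firewall package has loaded its rules.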


