
Re: firewall newbie questions



On Saturday 10 April 2004 14.20, Jonas Meurer wrote:
> Yeah, I know that. But as long as the DNS server only holds domains
> that are local to the server it's not that bad, and I'll surely
> add another secondary nameserver as soon as possible, but since we
> are a small company, and this is our first server of our own, it's
> not that easy to find another one.

Me too. But dyndns.org hosts for me a
secondary DNS for 15$ / year
secondary mail server for 30$ / year
and believe me: it's worth it. My ADSL was broken, I had hassle with my
provider, with Swisscom, but finally it was my modem cable. Not
one email was lost.

> Since the package you recommended, 'firehol', has a note in its
> description saying: "The default configuration file will allow
> only client traffic on PPP and ethernet interfaces.", I'm a
> little bit confused about whether to install the package.

This is the right way. Close all, log all, open what you need. If you
don't like scripting your iptables, have a look at
http://www.m0n0.ch/wall/
http://www.ipcop.org/cgi-bin/twiki/view/IPCop/WebHome

If you want to write your own script, start at
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
http://www.netfilter.org/documentation/

Regards

Jürg
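
An added example, not part of the message above: the "close all, log all, open what you need" approach written as a shell function that emits a ruleset in iptables-restore format. The service list (SSH, DNS, SMTP), the log prefix and the rate limit are assumptions for a small DNS and mail server.

```shell
#!/bin/sh
# Added example, not from the original message. Emits a default-deny
# ruleset in iptables-restore format; nothing is loaded by this script.

# Assumed services for a small DNS + mail server (proto:port pairs).
OPEN_SERVICES="tcp:22 udp:53 tcp:53 tcp:25"

gen_ruleset() {
    services="${1:-$OPEN_SERVICES}"
    # Validate first so a bad entry never yields a partial ruleset.
    for svc in $services; do
        proto="${svc%%:*}"; port="${svc##*:}"
        case "$proto" in tcp|udp) ;; *)
            echo "unsupported protocol in '$svc'" >&2; return 1 ;;
        esac
        case "$port" in ''|*[!0-9]*)
            echo "bad port in '$svc'" >&2; return 1 ;;
        esac
    done
    printf '%s\n' '*filter'
    # Close all: inbound and forwarded traffic is dropped unless accepted below.
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Loopback, and replies to connections this host opened itself.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Open what you need: one ACCEPT rule per listed service.
    for svc in $services; do
        printf '%s\n' "-A INPUT -p ${svc%%:*} --dport ${svc##*:} -j ACCEPT"
    done
    # Log all the rest, rate-limited so a flood cannot fill the disk;
    # LOG does not terminate, so the packet then hits the DROP policy.
    printf '%s\n' '-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-drop: "'
    printf '%s\n' 'COMMIT'
}

# Print the ruleset for review. To syntax-check without loading (as root):
#   gen_ruleset | iptables-restore --test
gen_ruleset
```

The LOG rule has to stay last in the chain: placed before the ACCEPT rules it would log legitimate traffic as well.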


