Re: Firewall packages (was: All these open ports)

> You could get something close to Zone Alarm (minus the application
> permissions stuff) with a very short iptables script which set the
> policies for INPUT and FORWARD to DROP, and OUTPUT to ACCEPT, and adding
> a couple of rules for allowing related and established connections on
> the INPUT chain.  I'm sure there are basic HOWTOs on this floating
> around - google for something like "iptables introduction" and you
> should find some good hits.

Actually, that's sort of what the "firestarter" (and probably the other
firewall packages?) does - it generates a control script with a bunch
of "iptables" entries.  And, you're right, there are plenty of sample
scripts, etc. available.

But thus far, it's the application permissions (and some of the logging)
that escapes me.  The problem is, I'm lazy and would rather find something
already implemented, if possible.  But if no such thing exists, I'll
eventually hack something together.  (Which defines the real issue:  how
do I prove that no such thing exists?  Didn't Aristotle have something to
say about that??)
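A concrete form of the short script the quoted reply describes, added here as an example and not taken from the thread or from any firewall package: a shell function emits the ruleset in iptables-restore format (the loopback accept, the INVALID-state drop and the rate-limited LOG rule with its "FW-DROP: " prefix are assumptions beyond the quoted description) and applies it only when the script is invoked with "apply".

```shell
#!/bin/sh
# Constructed example: DROP policy on INPUT and FORWARD, ACCEPT on OUTPUT,
# plus the related/established rule on INPUT. Prints the ruleset by default;
# "apply" feeds it to iptables-restore (needs root and the iptables tools).

fw_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local services talk to each other over loopback.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened (the "related and established" rule).
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Packets conntrack cannot place in any connection are dropped without logging.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Log what the DROP policy is about to discard, rate limited so logs stay readable.
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-DROP: " --log-level 4
COMMIT
EOF
}

# Number of explicit (-A) rules in the ruleset; a cheap sanity check that the
# heredoc was not truncated before applying it.
fw_rule_count() {
    fw_ruleset | grep -c '^-A '
}

case "${1:-}" in
    apply)
        fw_ruleset | iptables-restore
        ;;
    *)
        fw_ruleset
        ;;
esac
```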

