I'm planning on building a firewall for three or four subnets. I'd like to use Debian because I 'know' it, but am curious to know other people's opinions on the following: In this situation, would you use a largely-unaltered stock Debian installation (e.g. Woody) or would you make drastic changes to it?

At the moment, my plan is:

1. Install Debian (probably Woody);
2. 'apt-get remove' anything which is installed by default that I know I don't need;
3. Check for all externally-listening services and remove them, with the exception of SSH;
4. Configure the firewall as a 'forwarding' firewall, so that it doesn't actually listen for any services of its own, with the exception of SSH from a single IP on the 'GREEN' interface.

Possible additional measures:

5. Fine-tune kernel for routing and firewall behaviour;
6. Allow firewall to use UDP on port 514 outgoing, to send syslogs to a host on the GREEN network for logging.

Comments/suggestions? In particular, would you do something other than Step 1? (Use another Debian-based distro?)

Dave.

--
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
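The forwarding-only policy of steps 4 to 6 above, written out as an iptables rule set; this is an added example and not part of the original post. The interface name, the admin and log-host addresses and the 2.4-era `-m state` match are assumptions, chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): a rule set in the shape of the
# plan above, for iptables on a 2.4-era kernel. Interface name, addresses and
# the log host are assumed values, not anything stated in the post.
GREEN_IF=eth1                 # assumed: the trusted internal interface
ADMIN_IP=192.0.2.10           # assumed: the one GREEN host allowed to SSH in
LOG_HOST=192.0.2.20           # assumed: syslog collector on the GREEN network
IPT="${IPT:-echo iptables}"   # default only prints rules; IPT=iptables applies them
SYSCTL="${SYSCTL:-echo sysctl}"

fw_rules() {
    # Step 5: the kernel must forward packets between the subnets
    $SYSCTL -w net.ipv4.ip_forward=1
    # Step 4: flush, then default-deny on every chain; the box forwards,
    # it does not serve
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    # Loopback, and replies to connections this host or its subnets opened
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Step 4: the single listening service, SSH from one GREEN address only
    $IPT -A INPUT -i "$GREEN_IF" -s "$ADMIN_IP" -p tcp --dport 22 \
        -m state --state NEW -j ACCEPT
    # Step 6: outgoing syslog to the GREEN log host, and nothing else outbound
    $IPT -A OUTPUT -o "$GREEN_IF" -d "$LOG_HOST" -p udp --dport 514 -j ACCEPT
    # Illustrative forwarding policy: GREEN may open connections outward;
    # the real per-subnet policy goes here
    $IPT -A FORWARD -i "$GREEN_IF" -m state --state NEW -j ACCEPT
    # Anything else aimed at the firewall itself is logged, then dropped
    $IPT -A INPUT -j LOG --log-prefix "fw-input-drop: "
    $IPT -A INPUT -j DROP
}

fw_rules
```

Run as is to review the generated commands; run as root with `IPT=iptables SYSCTL=sysctl` to apply them.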