Re: My own Firewall ??

To: debian-firewall@lists.debian.org
Subject: Re: My own Firewall ??
From: Daniel Pittman <daniel@rimspace.net>
Date: Thu, 10 Mar 2005 09:23:19 +1100
Message-id: <[🔎] 87sm34o3vs.fsf@enki.rimspace.net>
References: <[🔎] 20050309183431.8D1791321E@Panther.segurmatica.com>

On 10 Mar 2005, Gilberto Brito Cordov.ANis wrote:
> I$B!G(Bm new in this list, I$B!G(Bm Cuban and my English is no good, sorry. I$B!G(B
> m looking information about configure a Debian system whith minimous
> software to build a firewall, is this possible ??, I want a system
> that only have installed: iptables, kernel 2.6 and apt-get for
> security actualizations.

Yes, this is possible and, in fact, pretty easy to achieve.  If you
can't follow any of this, please let me know and I will try to work
around any English language issues:

Start out with an install Disk for Debian.  I recommend Debian/testing
for this, but the Debian/stable process is not much different.  I don't
think there is a 2.6 kernel for Debian/stable available, though.

Boot from the install disk, and go through the basic stuff like
language, partitioning, etc.

When you are asked if you want to install some sort of package suite
(like "Desktop" "C Compiler" "Graphical Workstation", etc), say NO.

When you are asked if you want to choose packages manually, say NO.

Finish the install process.  Viola, a system with (almost) the bare
minimum of packages installed.

At this point, I usually go and prune things like PPP and PPPoE support
which I don't need on the firewall.

If you run Debian/testing or Debian/unstable, I strongly suggest
installing:

    aptitude
    apt-listchanges
    apt-listbugs

These will make your experience *much* nicer.  Then, use aptitude rather
than apt-get to install and manage software.

Anyway, at this point, install a 2.6 kernel if you need to, using
aptitude or apt-get.

Finally, install your firewall tools, if needed, by removing ipchains
and checking that iptables was installed.

Oh, and I recommend using 'firehol', which is in /testing and /unstable,
and is a wrapper around iptables.  It takes a lot of the hard work out
of building a firewall, without stopping you doing anything that
iptables can do.

Regards,
        Daniel

-- 
Men become civilized, not in proportion to their willingness to believe, but
in proportion to their readiness to doubt.
        -- H. L. Mencken

Reply to:

Follow-Ups:
- Re: My own Firewall ??
  - From: Jean-Michel Hiver <hiver.j@wanadoo.fr>

References:
- My own Firewall ??
  - From: Gilberto Brito Cordovés <gbrito@segurmatica.cu>

Prev by Date: iptables+sarge
Next by Date: Re: iptables+sarge
Previous by thread: Re: My own Firewall ??
Next by thread: Re: My own Firewall ??
Index(es):
- Date
- Thread