Re: Firewalls, basic questions
On Mon, Jan 13, 2003 at 01:57:27PM -0800, Pietro Calogero wrote:
> Dear Russell,
> Wow! I looked through all the files in the distro and could not find one
> named 'ipchains.' But my method is extremely primitive: when I installed
> Woody, I had the installer scan all 8 disks, so all the files would be
> loaded into the apt database.
> 1. Is there a way of searching the apt database for specific files?
> Could you send me an example of how one would enter such an instruction
> on the command line? I only know enough to suspect that you might have
> to "pipe" something through a filter like 'groff' or 'troff,' but the
> only such maneuver I have yet learned is to pipe things through 'less'
> so that I could scroll back and see the whole output.
apt-cache search <keyword> will look in YOUR apt database (via your
sources.list file) for packages matching.
> 2. I succeeded in installing kernel 2.4.18 only on the second pass;
> initially I did not modify LILO correctly and I lost access and
> bootability to the entire partition and had to start over. Since this
> whole reinstall was my 10th (I do not exaggerate) time I have tried to
> get a workable system since I began in mid-November, I am increasingly
> reluctant to invest more time in Linux.
> So what do you recommend as a sound approach to a firewall? Follow the
> Security-quickstart HOWTO and use iptables?
As a new user, I'd install the 'shorewall' package, which is a
friendlier front-end to iptables. You will, however, need to rtfm
somewhat heavily, as I'd guess there's a certain amount of understanding
that you'll want-- it's not that hard, and shorewall has excellent
newbie documentation.
Also have a look at /usr/share/doc/<packagename> for packages that you
install-- it'll have some debian-specific information in there
(typically a README.Debian file).
> Please keep in mind that, following the advice of several HOWTOs, I will
> not connect this laptop to the internet until I have a firewall built.
> So all of Debian's online software updates are unavailable to me until then.
That's a good goal, although you could probably connect to update your
system. Just be aware that you're running around naked out there...
-g
--
Glen S Mehn
Contract Systems Administrator SquareTrade, Inc
glen@squaretrade.com Building Trust in Transactions (sm)