Re: firewall for my laptop ?
On Fri, 26 Dec 2003, Derek Broughton wrote:
> On December 25, 2003 07:28 pm, Daniel Pittman wrote:
>> On Thu, 25 Dec 2003, Jerome BENOIT wrote:
>> > Is there a simple (Debian) way to install a firewall on a laptop ?
>>
>> The same sort as for any other Debian machine, yes. :)
>
> I beg to differ. Laptops have notably more complicated firewalling
> requirements.
My comment was intended to indicate that the /technology/ was the same,
not the ruleset. You correctly point out that a laptop is often
requires a more complex ruleset than a server or desktop system.
> For instance, I completely trust everything on my SOHO network, but
> don't trust my connection to the internet. I don't trust anything but
> my desktop machine on the client's network, but I _do_ trust their own
> internet firewall. So it's often important to be able to detect
> details of the connection.
While I agree with this, I don't think that the best location to perform
this detection is as part of the firewall package itself.
That said, firehol can work very nicely with this "detect and configure"
model. I would suggest:
1. Install 'guessnet' or 'whereami' to detect your location
2. Write the location information to a shell script readable file
somewhere
3. Add 'bash' shell code to the firehol configuration file.
Firehol adds a lot of custom commands to bash, making firewall setup
trivial, but is still a shell script under it all. So, you can use that
to conditionally execute firewall code.
Thanks for the feedback, though, and I will try to remember your point
about complexity of rule setup in future.
Daniel
--
There is eloquence in screaming.
-- Patrick Jones
Reply to: