Re: 'Generic' Firewall Rulesets?



He has a website with a firewall building tool that works pretty well.

http://www.linux-firewall-tools.com/linux/firewall/index.html

Chris Gahlon

mikehaarman wrote:

> There is an excellent book on just this topic by a fellow named Robert
> L. Ziegler, published by New Riders and called <emph>Linux
> Firewalls</emph>.
>
> A good general discussion of the issues and a couple of good recipes.
>
> Also some useful resources at openna.com. Gmourani's book has some
> ipchains recipes as well.
>
> mike
>
> On Sat, 4 Nov 2000, Troy Telford wrote:
>
> > Having looked and not found, I'm asking here:
> >
> > Is there any place where I can find a general ruleset for a firewall?
> >
> > And, moreover, while many howto's mention how to specify a rule for a
> > ruleset, they do not specify *what* rules are good/bad/ugly, etc.
> >
> > For instance:
> >
> > Even though packets coming from an FTP port are allowed (supposedly to
> > allow FTP downloads...), apt-get is unable to function properly.
> >
> > Moreover, I have no idea what a 'good' ruleset to simply allow FTP
> > requests from my machine (such as those made by an FTP client on my
> > machine, apt-get, etc.) are reasonably secure.  And, in my case, I have
> > incoming FTP disabled, but is there a way to block packets at the
> > firewall (from people requesting FTP services on my computer), while
> > allowing my FTP requests to go unhindered?
> >
> > In fact, I couldn't really find any good information on general firewall
> > construction.  I could find information on how to set a rule for the
> > firewall; but now I need to find information on *what* kind of rules are
> > good, and why (and what is bad, and why).
> >
> > Another Example:  From what I understand, all TCP/UDP ports above 1024
> > are 'user' ports, and have no services attached to them.  What kind of
> > possible security problems/other risks are involved by having these
> > ports essentially 'open' to the world?  What is the tradeoff with
> > closing them off?
> >
> > For my particular situation, the computer is connected directly to the
> > internet on a campus network.  I want to be able to have a good 'basic'
> > firewall ruleset that will allow me to do my normal tasks as though
> > there were no firewall active, yet filter out all incoming connection
> > requests (such as telnet, ftp, etc.).  I'm running kernel 2.4.0-test9; I
> > have iptables figured out and can apply rulesets just fine.  It's
> > knowing what rules make sense and what ones don't that I need help on.
> >
> > I'm more interested in learning how to create a good firewall than
> > simply having one.  (So I can make one from scratch should I ever have a
> > specific need).
> >
> > Thanks for any help offered.  I hope I didn't run in too many circles!
> >
> > -Troy
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >

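The setup asked about in the quoted question (outbound FTP and apt-get working, unsolicited inbound connections dropped) is normally expressed with connection tracking rather than source-port rules; the following is an added example, not code from this thread or from the book and sites it mentions. The function names and both rulesets are constructed here, and FTP data connections are assumed to be matched as RELATED by the kernel's FTP connection-tracking helper (ip_conntrack_ftp on 2.4-series kernels).

```shell
#!/bin/sh
# Added example; rulesets are constructed, in iptables-restore format.

# Weak: accepts inbound packets by *source* port. The remote end chooses
# that port, so any host sending from port 20/21 gets through, and
# passive-mode FTP (data from a high server port) still fails.
emit_weak_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --sport 21 -j ACCEPT
-A INPUT -p tcp --sport 20 -j ACCEPT
COMMIT
EOF
}

# Stateful: drop everything inbound except loopback and packets that
# belong to, or are related to, connections this machine opened.
emit_stateful_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Audit a ruleset on stdin; prints findings, exit status 1 if any.
audit_ruleset() {
    awk '
        /^:INPUT / && $2 != "DROP" { print "INPUT policy is " $2; bad = 1 }
        /^-A INPUT / && /--sport/ && /-j ACCEPT/ && !/--state/ {
            print "stateless source-port accept: " $0; bad = 1 }
        /^-A INPUT / && /--state/ && /ESTABLISHED/ { stateful = 1 }
        END {
            if (!stateful) { print "no ESTABLISHED,RELATED rule"; bad = 1 }
            exit bad + 0
        }'
}

# Usage: emit_weak_ruleset | audit_ruleset
#        emit_stateful_ruleset | audit_ruleset && echo "ruleset passes"
```

Loading the stateful ruleset means piping `emit_stateful_ruleset` into `iptables-restore` as root, with the FTP helper module loaded first.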