
Re: Firewalls



On Wed, 18 Jun 1997 10:55:41 EST JIM_BURT_at_nass-fx@nass.usda.gov 
wrote:

>      One wants a firewall to
>      1. not require logging into the firewall computer itself (TIS requires 
>      this)
>      2. not require putting new (1 line changed then recompiled) ftp, 
>      telnet, ... on the computers behind the firewall (SOCKS4 may require 
>      this, I forget)
> Anyone running a debian-based firewall out there?

Yup.

> Does anyone have any experience with the TIS firewall toolkit package 
> for Debian?  How about setting up firewalling in the kernel?

I have an `industrial' firewall working out there, fully in the kernel (with ipfwadm). It masquerades all outbound connections (currently all, but you can choose which ports to forward and/or allow outbound connections), and refuses all outside connections except for mail, DNS and http. It also checks for spoofing (correct addresses on correct interfaces).
From the user, the only constraint is that he has to use passive ftp. Everything else is completely transparent.

Ipfwadm is hard to figure out at first glance, but it's really powerful.

Phil.
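
Added example, not part of the original post and not ipfwadm syntax: a Python model of the policy described in the message above (masquerade outbound connections, accept only mail, DNS and http from outside, reject addresses arriving on the wrong interface). It also shows why the policy leaves users with passive ftp only. The network, interface names and sample packets are constructed assumptions.

```python
import ipaddress

# Constructed values: the post names no addresses or interfaces.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
INT_IF, EXT_IF = "eth0", "eth1"
# Services the post says are accepted from outside: mail, DNS, http.
INBOUND_ALLOWED = {("tcp", 25), ("tcp", 53), ("udp", 53), ("tcp", 80)}


def spoofed(iface, src):
    """True when src is not a plausible source for the arrival interface."""
    inside = ipaddress.ip_address(src) in INTERNAL_NET
    return inside if iface == EXT_IF else not inside


def decide(iface, proto, src, dst_port):
    """Verdict for a packet that opens a new connection."""
    if spoofed(iface, src):
        return "deny-spoof"
    if iface == INT_IF:
        return "masquerade"  # outbound: rewritten to the firewall's address
    if (proto, dst_port) in INBOUND_ALLOWED:
        return "accept"
    return "deny"


# Constructed sample traffic: (description, iface, proto, source, dest port).
SAMPLES = [
    ("client fetches a web page", INT_IF, "tcp", "192.168.1.10", 80),
    ("outside host delivers mail", EXT_IF, "tcp", "203.0.113.5", 25),
    ("outside host tries telnet", EXT_IF, "tcp", "203.0.113.5", 23),
    ("internal source seen on outside interface", EXT_IF, "tcp", "192.168.1.10", 25),
    ("foreign source seen on inside interface", INT_IF, "tcp", "203.0.113.5", 80),
    # Active FTP: the server connects back to a client port, so it is inbound.
    ("active FTP data connection", EXT_IF, "tcp", "203.0.113.5", 40001),
    # Passive FTP: the client opens the data connection, so it is outbound.
    ("passive FTP data connection", INT_IF, "tcp", "192.168.1.10", 50123),
]

if __name__ == "__main__":
    for desc, iface, proto, src, port in SAMPLES:
        print(f"{decide(iface, proto, src, port):11} {desc}")
```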


