[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Basic Debian firewall

On Wed, Oct 04, 2000 at 01:38:13PM -0600, Gary Hennigan wrote:
> Is the "ipmasq" package what one needs to install to get a basic
> firewall up and running under Debian? I'm using PMFirewall now, and I
> don't have any complaints with it. It was VERY easy to get a decent
> firewall up and running with it, but now that I know a bit more about
> ipchains I'm leaning toward using a Debian-only solution just to keep
> my firewall PC as consistent as possible.

works like a champ for me. i've used it with slink and ipfwadm,
and now potato with ipchains.

only thing i'd add to the startup scripts is a logging/flush
directive such as

	( date ; /sbin/ipchains -nxvL -Z ) >> /var/log/firewall

...my isp charges per megabyte, so this is how i keep'm honest.

without such a 'log packet / byte count' log directive, every time
you run ipmasq your counts are all reset to zero as the new
firewall instance is (re)built from scratch. if that matters,
you'll wanna add -nxvL > /var/log/*something* to the rule-set
in /etc/ipmasq/rules/A03flush.rul: copy the *.def file there
and prepend your own logging facility as needed, before the
rules are all flushed.

-- 
things are more like they used to be than they are now.

will@serensoft.com *** http://www.dontUthink.com/
Reply to: