[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bastille-Linux and Debian

It probably examines your current ports via something similar to netstat,
to know what services on what ports are needed and creates a firewall
script that creates the rules according to actual ip, that is good for
that state of the system, as it was in upon running the build script. It
probably knows a couple of protocols which needs special handling, eg.

It probably just filters out everything which is not traffic to the
then-active server processes, and sets up a few anti-spoofing rules. 

I just guess this according to an article describing how to set up


Robert Varga

On Thu, 2 Nov 2000, Ethan Benson wrote:

> On Thu, Nov 02, 2000 at 03:25:53PM +0100, Robert Varga wrote:
> > 
> > Aside from this, Bastille also sets up a default ipchains firewall for
> > your system to prevent users to set up services on their own on your
> > machine, I think.
> i would be interested in seeing how this can be done without breaking,
> well just about everything.  i would assume its a mostly static set of
> rules which could be exported and used anywhere. 
> -- 
> Ethan Benson
> http://www.alaska.net/~erbenson/

Reply to: