
Re: Bastille-Linux and Debian



It probably examines your current ports via something similar to netstat,
to know what services on what ports are needed and creates a firewall
script that creates the rules according to actual IP, that is good for
that state of the system, as it was in upon running the build script. It
probably knows a couple of protocols which need special handling, e.g.
ftp. 

It probably just filters out everything which is not traffic to the
then-active server processes, and sets up a few anti-spoofing rules. 

I just guess this according to an article describing how to set up
bastille.

Regards,

Robert Varga

On Thu, 2 Nov 2000, Ethan Benson wrote:

> On Thu, Nov 02, 2000 at 03:25:53PM +0100, Robert Varga wrote:
> > 
> > Aside from this, Bastille also sets up a default ipchains firewall for
> > your system to prevent users from setting up services on their own on your
> > machine, I think.
> 
> i would be interested in seeing how this can be done without breaking,
> well just about everything.  i would assume it's a mostly static set of
> rules which could be exported and used anywhere. 
> 
> -- 
> Ethan Benson
> http://www.alaska.net/~erbenson/
> 
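
Added example, not part of the original message and not Bastille's code: a sketch of the approach guessed at above, turning a snapshot of listening sockets into a default-deny ipchains input chain with anti-spoofing rules. The netstat sample, the interface eth0 and the address 192.0.2.10 are constructed assumptions, and the `! -y` rule is added here so that replies to outbound TCP connections still get through.

```python
import ipaddress

# Constructed sample in `netstat -an` layout (not captured from a real host).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address     Foreign Address      State
tcp        0      0 0.0.0.0:22        0.0.0.0:*            LISTEN
tcp        0      0 192.0.2.10:80     0.0.0.0:*            LISTEN
tcp        0      0 127.0.0.1:25      0.0.0.0:*            LISTEN
tcp        0      0 192.0.2.10:22     198.51.100.7:51000   ESTABLISHED
udp        0      0 0.0.0.0:53        0.0.0.0:*
"""

def parse_listeners(text):
    """Return sorted (proto, ip, port) tuples for listening IPv4 sockets."""
    found = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue  # header lines, tcp6/udp6, unix sockets
        state = f[5] if len(f) > 5 else ""
        # TCP listeners are in LISTEN; unconnected UDP sockets show no state.
        if state != ("LISTEN" if f[0] == "tcp" else ""):
            continue
        ip, _, port = f[3].rpartition(":")
        found.add((f[0], ip, int(port)))
    return sorted(found)

def build_rules(listeners, ext_if="eth0", ext_ip="192.0.2.10"):
    """Emit ipchains commands: default deny, anti-spoofing, one ACCEPT per service."""
    rules = [
        "ipchains -F input",
        "ipchains -P input DENY",
        "ipchains -A input -i lo -j ACCEPT",
        # Anti-spoofing: our own or loopback source arriving from outside is forged.
        f"ipchains -A input -i {ext_if} -s 127.0.0.0/8 -j DENY -l",
        f"ipchains -A input -i {ext_if} -s {ext_ip} -j DENY -l",
        # ipchains is stateless: admit non-SYN TCP so outbound connections get replies.
        f"ipchains -A input -i {ext_if} -p tcp ! -y -j ACCEPT",
    ]
    for proto, ip, port in listeners:
        if ipaddress.ip_address(ip).is_loopback:
            continue  # loopback-only service: stays reachable via the lo rule only
        dst = ext_ip if ip == "0.0.0.0" else ip  # wildcard bind -> external address
        rules.append(f"ipchains -A input -i {ext_if} -p {proto} -d {dst} {port} -j ACCEPT")
    return rules

if __name__ == "__main__":
    print("\n".join(build_rules(parse_listeners(SAMPLE_NETSTAT))))
```

UDP replies (for example DNS answers) and FTP data connections are not covered by this rule set and would need rules of their own.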


