
Re: Debian Firewall



On Tue, Jul 24, 2001 at 10:11:19AM -0400, Case, Benjamin wrote:
> Security, Security, Security
> SSH Daemon
> NAT (Masq)
> Port Forwarding
> Graphical (web based ?) Network Analysis
> PPPoE support
> VPN support
> Convenient Method of Configuration (Web based, GUI based ?)
[snip]
> What is the best approach to creating this Firewall. Should I start with my
> own basic install of Debian and build from there ? Is there a floppy or CD
> based image worth trying that is based on Debian ?

Install a Debian base system.  In the dselect package listing, remove
all packages that are not needed on a firewall, like gcc, tetex and any
bad stuff like telnetd or rwhod.  Then select the packages you do want:
ssh, ipmasq, pppoe, mrtg, perhaps a tiny httpd for the stats.  Install
the packages from the dselect menu.  Repeat for any other packages you
later find you need or don't need.

I'm not very experienced with GUI administration and I personally don't
find it convenient at all.  On a security sensitive system, you don't
want to run anything more than strictly necessary, fancy configuration
layers included.

Just consider the various web interfaces in embedded systems, like routers
and network printers, and how these are accidentally hurt by IIS sploit
requests.

Remember to "netstat -at" and to mercilessly remove any service that
you did not put there yourself with the express intent to respond to
arbitrary people on the internet.

There exists a debian-firewall list, iirc.  Try searching the archives
of that list and posting there, it likely has a better yield.

Cheers,


Joost
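
The listener audit suggested in the message above can be scripted; this is an added example, not part of the original post. It assumes `netstat -atn` (the `-n` is added here so ports stay numeric), a hypothetical allowlist `ALLOWED_PORTS`, and a constructed sample of netstat output.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are not on an explicit allowlist.
# Assumption: ALLOWED_PORTS is a hypothetical allowlist for a firewall that
# should answer only on ssh (22) and a small stats httpd (80).
ALLOWED_PORTS="22 80"

# Constructed sample of `netstat -atn` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.1:22            198.51.100.7:40122      ESTABLISHED
tcp6       0      0 :::513                  :::*                    LISTEN
EOF
}

# unexpected_listeners: reads `netstat -atn` text on stdin and prints
# "scope address port" for every LISTEN socket whose port is not allowlisted.
# scope is "local" for loopback-only sockets and "exposed" for everything
# else, so the sockets reachable from the network stand out.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)      # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)  # text before the last colon
            if (port in ok) next
            scope = (host == "127.0.0.1" || host == "::1") ? "local" : "exposed"
            print scope, host, port
        }'
}

# Run against the constructed sample; on a real host use:
#   netstat -atn | unexpected_listeners
sample_netstat | unexpected_listeners
```

Every "exposed" line is a service to either remove or add to the allowlist on purpose; established connections are ignored because only listening sockets accept new peers.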


