On Wed, May 21, 2003 at 03:21:37AM -0700, Joris Huizer wrote:
> Hello,
>
> I've currently a firewall installed called
> 'firestarter' - but I'd like to hear what firewall
> most of you use. I'm just on a personal computer - no
> server or anything like that.

In the Linux world, firewalling is something the kernel does. In 2.0 kernels, a system called ipfwadm was used, ipchains for 2.2 and iptables for 2.4 (and 2.5). All tools like firestarter do is provide an easier interface to the basic command line tool that configures the kernel system (iptables, ipchains, ipfwadm, oddly enough :).

So, every firewalling tool on Linux could be as secure as each other. Of course, the rules they generate could produce security issues...

> I want to be able to browse, ftp, mail (POP), (maybe
> ssh) without a problem.

This is a fairly simple problem, actually, especially with iptables. It can keep track of which packets are related to other ones, so you can say, f'r instance, 'let me send everything out, but block all incoming packets, except for those that are part of connections *I* established'. This works very well, and is quite secure.

> Let's hear some opinions!

I started off using the basic three-line masquerading script on my gateway, then moved onto a modified one I wrote myself (the packet filtering HOWTO on http://www.netfilter.org/ is quite useful), then to MonMotha's rc.firewall, and now I'm just using shorewall. All these were rather easy to configure, and only involved editing some simple text files.

If you're just starting out, then I'd recommend reading the HOWTO I mentioned above. It explains how it all works, and shows you how to make your own basic script. Even if you immediately jump back to some other tool, knowing how they work is a huge advantage when designing your own rules using any sort of helper.

--
Rob Weir <rweir@ertius.org> | mlspam@ertius.org | http://www.ertius.org/
GPG keys: 1024D/1E73B7CD, 4096R/3ABDE5EC | Do I look like I want a CC?
Words of the day: beanpole Ceridian Soviet Echelon emc STARLAN csystems
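
The policy described in the reply above ("send everything out, block all incoming packets, except for those that are part of connections I established"), written out as an iptables-restore ruleset for a single workstation. This is an added example, not part of the original mail; the function name `gen_ruleset` and its optional SSH port argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail). Prints an iptables-restore
# ruleset for a single workstation; nothing is applied by this script.
# Usage (as root): gen_ruleset [ssh_port] | iptables-restore
# gen_ruleset and its ssh_port argument are names made up for this example.

gen_ruleset() {
    ssh_port="${1:-}"

    # Refuse anything that is not a valid TCP port, so a typo cannot
    # end up as a malformed or over-broad rule.
    if [ -n "$ssh_port" ]; then
        case "$ssh_port" in
            *[!0-9]*) echo "invalid port: $ssh_port" >&2; return 1 ;;
        esac
        if [ "$ssh_port" -lt 1 ] || [ "$ssh_port" -gt 65535 ]; then
            echo "port out of range: $ssh_port" >&2; return 1
        fi
    fi

    cat <<'EOF'
*filter
# Default policies: drop what comes in or is routed through, allow what we send.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic never leaves the machine.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened (ESTABLISHED), plus traffic the
# kernel ties to them (RELATED): ICMP errors, and FTP data connections
# when the FTP connection-tracking helper module is loaded.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF

    # Optional: accept new inbound SSH connections on the given port.
    if [ -n "$ssh_port" ]; then
        echo "-A INPUT -p tcp --dport $ssh_port -m state --state NEW -j ACCEPT"
    fi

    echo "COMMIT"
}
```

Newer iptables releases spell the same match `-m conntrack --ctstate`; the `-m state` form used here is the one that shipped with 2.4 kernels.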