Re: Which is firewall generator suitable for new hand?
On Thu, 3 Mar 2005, Tony Godshall wrote:
> According to James Ng,
> > Hi All,
> >
> > I am a new hand in linux system. I want to set up a firewall in my
> > Debian in my home. Which is the firewall generator suitable for a new
> > hand in firewall? Since the document about iptables is too complicated
> > for me, I could not use it.
...
> http://easyfwgen.morizot.net/gen/index.php
if you like fw gui ... ( i say yuckeee )
http://www.Linux-Sec.net/Firewall/Tools/

step 1
  see if you can get your local lan on 192.168.x.x to go out
  to the internet ( webpages, and read emails )
  - the fw should only have minimum linux and iptables
    ( no email, no web, no user login, etc, etc )
  - i always put dns with the fw ( as a gw ) .. call me dumb :-)

  masquerading...
  - 3 lines of iptables to get this done
  - allow everything out
  - allow everything in ...
    ( sorta pointless fw, but at least the LAN works )

  next major fw rules
  - allow everything out
  - disallow everything in
  - allow incoming mail to the mail server
  - allow incoming web to the web server
  - allow incoming dns to the dns server
  - allow incoming xxx to the xxx server

  example iptable scripts
    http://www.Linux-Sec.net/Firewall/Scripts/
    http://www.Linux-Sec.net/Firewall/Examples/

step 2
  compile your kernel ... apply simple kernel protections
  openwall, lids, rbac, etc
  harden the rest of your systems against silly script kiddie attacks

step 3
  add more firewall rules like NAT, port forwarding, etc
  do more firewall cleanup and maintenance and monitoring
    http://linux-sec.net/FW/

c ya
alvin
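
An added example, not part of the message above or of the linked scripts: a small generator for the "next major fw rules" policy (allow everything out, disallow everything in, allow named services to their servers) in iptables-restore format. The interface names (eth0 to the internet, eth1 to the LAN) and the server addresses are assumptions; since the servers sit on private addresses behind the masquerade, each published service also gets a DNAT rule, which is the port forwarding mentioned under step 3.

```shell
#!/bin/sh
# Prints an iptables-restore ruleset; it does not touch the running firewall.
# Assumed, not from the message: eth0 = internet side, eth1 = LAN side.
# Forwarding must also be enabled on the gateway (net.ipv4.ip_forward=1).
WAN=eth0
LAN=eth1
# Constructed sample list, one proto:port:server entry per published service.
SERVICES="tcp:25:192.168.1.10 tcp:80:192.168.1.20 udp:53:192.168.1.30"

parse_service() {   # sets proto, port, ip; returns 1 on a malformed entry
    proto=${1%%:*}; rest=${1#*:}; port=${rest%%:*}; ip=${rest#*:}
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    case $ip in *[!0-9.]*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
}

gen_ruleset() {     # usage: gen_ruleset WAN_IF LAN_IF "entry entry ..."
    wan=$1; lan=$2; services=$3
    # Validate everything first so a typo never yields a partial ruleset.
    for s in $services; do
        parse_service "$s" || { echo "bad service entry: $s" >&2; return 1; }
    done
    printf '%s\n' "*nat" ":PREROUTING ACCEPT [0:0]" ":POSTROUTING ACCEPT [0:0]"
    for s in $services; do
        parse_service "$s"
        echo "-A PREROUTING -i $wan -p $proto --dport $port -j DNAT --to-destination $ip"
    done
    cat <<EOF
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
EOF
    for s in $services; do
        parse_service "$s"
        echo "-A FORWARD -i $wan -o $lan -p $proto -d $ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

gen_ruleset "$WAN" "$LAN" "$SERVICES"
```

Piping the output through `iptables-restore --test` as root parses the ruleset without committing it.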