Re: [fw-wiz] Router with firewall suggestion

From: CTA (cta@hcsin.net)
Date: 12/15/02


From: "CTA" <cta@hcsin.net>
To: "Steve Bostedor" <Steveb@tshore.com>, firewall-wizards@honor.icsalabs.com
Date: Sun Dec 15 10:49:24 2002


On 2 Dec 2002, at 15:03, Steve Bostedor wrote:

From: "Steve Bostedor" <Steveb@tshore.com>
To: <firewall-wizards@honor.icsalabs.com>
Subject: [fw-wiz] Router with firewall suggestion
Date sent: Mon, 2 Dec 2002 15:03:26 -0500

> We have a small block of external IP addresses being routed to us
> from our broadband ISP. They do not allow us to set the
> access-lists on their edge router, so we need to put something on
> our side that will filter traffic and act as a firewall for those
> addresses. Layer 3 switches look real expensive. Any
> recommendations?
>
> Thanks!
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Get BSDi and a Pentium II/III class machine with two NICs,
512M RAM, and build a Bastion Host. (Cost < $3k) You can
do it with FreeBSD or OpenBSD, but not LINUX. Sorry, but
LINUX's implementation of packet filtering is way too
vulnerable. If you are really into hacking a STRONG Bastion,
try building a BPF based filter. If you don't know what BPF is,
then move on.

One interface to your router/Open-DMZ and the other to your
Private or Managed DMZ.

Run IPFW on both interfaces to filter IN only that traffic which
you need.

Set up standard IP and SMURF filters on the router. NIX FW
on your Gateway Routers!

IMHO

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
This email and any files transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom they are
addressed. This communication may contain material protected by the
attorney-client privilege. If you are not the intended recipient, be
advised that you have received this email in error and that any use,
dissemination, forwarding, printing, or copying of this email is strictly
prohibited. If you have receive this email in error, please immediately
notify the sender by email.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
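
The dual-homed, inbound-filtered layout suggested in the reply above can be sketched as an ipfw ruleset. This is an added example, not part of the original post; the interface names, the 203.0.113.0/28 block, the two published hosts and the permitted services are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: default-deny ipfw policy for a two-NIC bastion host.
# Every name and address below is an assumption (documentation ranges).
OUT_IF="fxp0"              # assumed NIC facing the ISP router / open DMZ
IN_IF="fxp1"               # assumed NIC facing the private / managed DMZ
PUB_NET="203.0.113.0/28"   # assumed routed public block
PUB_BCAST="203.0.113.15"   # broadcast address of that block
MAIL_HOST="203.0.113.2"    # assumed published SMTP server
WEB_HOST="203.0.113.3"     # assumed published HTTP server

# Emit the ruleset as ipfw commands so it can be reviewed before loading.
# 200-230: drop spoofed sources arriving from outside (own block, RFC 1918).
# 300:     drop directed-broadcast traffic (smurf amplification).
# 400:     pass packets belonging to sessions already admitted.
# 500-510: admit new inbound sessions only to the published services.
# 600:     admit traffic from inside only if it carries an inside source.
# 65000:   log and drop everything else.
gen_rules() {
  cat <<EOF
ipfw -q -f flush
ipfw add 100 allow ip from any to any via lo0
ipfw add 200 deny log ip from ${PUB_NET} to any in via ${OUT_IF}
ipfw add 210 deny log ip from 10.0.0.0/8 to any in via ${OUT_IF}
ipfw add 220 deny log ip from 172.16.0.0/12 to any in via ${OUT_IF}
ipfw add 230 deny log ip from 192.168.0.0/16 to any in via ${OUT_IF}
ipfw add 300 deny log ip from any to ${PUB_BCAST} in via ${OUT_IF}
ipfw add 400 check-state
ipfw add 500 allow tcp from any to ${MAIL_HOST} 25 in via ${OUT_IF} setup keep-state
ipfw add 510 allow tcp from any to ${WEB_HOST} 80 in via ${OUT_IF} setup keep-state
ipfw add 600 allow ip from ${PUB_NET} to any in via ${IN_IF} keep-state
ipfw add 65000 deny log ip from any to any
EOF
}

# Default: print the rules for review. "apply" loads them (FreeBSD, as root).
case "${1:-print}" in
  apply) gen_rules | sh ;;
  *)     gen_rules ;;
esac
```

Loading the rules from the console rather than over the network avoids locking yourself out when the flush takes effect.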


