RE: [fw-wiz] insecurity in internet connection thro cable modems

From: Perrymon, Josh L. (PerrymonJ@bek.com)
Date: 02/14/03

    From: "Perrymon, Josh L." <PerrymonJ@bek.com>
    To: "'Chapman, Justin T'" <JtChapma@bhi-erc.com>, "'firewall-wizards@honor.icsalabs.com '" <firewall-wizards@honor.icsalabs.com>
    Date: Fri, 14 Feb 2003 10:42:16 -0600
    

    Yeah... I ( Security Professional ) would implement IPChains or a PIX @
    home...
    But don't you think Linux is completely out of the question for a regular
    end user?????

    I'm looking for an application based firewall for my VPN users..
    So far ZONE ALARM is my choice.. I just wished I could integrate it with
    the PIX VPN client like the concentrator can.

    Any Ideas??
    -JP

    -----Original Message-----
    From: Chapman, Justin T [mailto:JtChapma@bhi-erc.com]
    Sent: Friday, February 07, 2003 11:29 AM
    To: 'firewall-wizards@honor.icsalabs.com '
    Subject: RE: [fw-wiz] insecurity in internet connection thro cable
    modems

    >
    >ipchains is old ( for the previous Linux Kernel 2.2 ), iptables
    >http://www.iptables.org would be a better choice.

    Agreed. If it's an option at all, choose iptables over ipchains. It's more
    flexible and it's a stateful packet filter, which makes for a "smarter"
    firewall. IPtables (and ipchains for that matter) can be a bit intimidating
    to work with, especially if you're new to the syntax. If you're going to
    "roll your own" firewall, I would suggest searching Google/Freshmeat.net
    for "iptables generator". There are plenty of scripts/web frontends/guis
    that make creating simple "consumer-grade" firewalls a snap. One that I
    particularly like is a cgi-based one at:

    http://morizot.net/firewall/gen/

    Good luck!

    --justin

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


