Re: [fw-wiz] Linux Firewalls

salgak_at_speakeasy.net
Date: 06/02/04

    To: "Mark" <firewalladmin@bellsouth.net>, firewall-wizards@honor.icsalabs.com
    Date: Wed, 02 Jun 2004 14:21:27 +0000
    
    

    Actually, IPtables is fairly straightforward; it was taught to me in 20 minutes. The trick will be editing the files: if you're not good at vi, and pico isn't installed, your best bet would be to edit on the desktop, in a GUI environment like KDE.

    Mind you, the FIRST part of making a Linux Firewall is locking down the OS.

    Some suggestions at the top level

    http://www.stolaf.edu/depts/cis/wp/bongard/Security/Locking_Down.html#Linux

    To make it easy, I'd recommend running Bastille:

    http://www.bastille-linux.org/

    And here's a good howto on IPtables:

    http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html

    > -----Original Message-----
    > From: Mark [mailto:firewalladmin@bellsouth.net]
    > Sent: Wednesday, June 2, 2004 01:15 PM
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] Linux Firewalls
    >
    > Hello:
    >
    > I was wondering if anyone has used the Firewall Builder for Linux
    > IPTables? I am looking through the documentation right now and it looks
    > pretty slick. I am experienced with ISA 2000, several Symantec
    > firewalls/appliances, Cisco routers and some other proprietary stuff,
    > but have never tackled Linux in any major way. The IPTables looks like a
    > steep learning curve for a guy with minimal Unix/Linux knowledge so this
    > looked like a good product. Anyone of you use it? I appreciate any
    > comments. Thanks!
    >
    > Mark
    >
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >


