Re: Linux firewall/IDS/NAT suggestions

From: David Nichols (dnichols_at_amci.com)
Date: 06/02/03

  • Next message: terry white: "Re: Linux firewall/IDS/NAT suggestions"
    To: "Petty, Robert" <rpetty@DenverNewspaperAgency.com>
    Date: Mon, 2 Jun 2003 10:41:21 -0400
    
    

    ----- Original Message -----
    From: Petty, Robert <rpetty@DenverNewspaperAgency.com>
    To: Petty, Robert <rpetty@DenverNewspaperAgency.com>;
    <focus-linux@securityfocus.com>
    Sent: Friday, May 30, 2003 11:54 AM
    Subject: Linux firewall/IDS/NAT suggestions

    > Which kernel would be best? 2.0.x, 2.2.x, or 2.4.x?

    I'd also go with 2.4 because it's the active kernel and I don't think
    iptables is supported on anything else. I'd definitely use iptables for the
    state processing it offers. Just be sure to use up-to-date drivers on all
    NICs.

    > Should the NAT and Firewall rules be written and maintained on CD-R media
    > so a malicious attacker cannot hide rule changes? Should the firewall be
    > re-initialized on a schedule to ensure the live rules are those from the
    > read-only media?

    There's no reason why you can't put the whole system on CD-R and a
    write-protected floppy and boot the whole thing into a RAM disk. If it's ever
    compromised, change the vulnerable/cracked parts and reboot. The Sentry
    firewall project does this. See
    www.sentryfirewall.com for details. It's based on the Slackware distro
    last time I checked. Another choice is IPCop
    http://ipcop.org/cgi-bin/twiki/view/IPCop/WebHome I've never played with it
    but saw it listed elsewhere on the list.

    > Last, but not least, what's a good HowTo that can be used as a basis? I
    > would prefer one that starts off a little more strict so I can simplify
    > rather than have to bone up on all of the current vulnerabilities.

    Sentry has a posted mini-HOWTO. There are also several HOWTOs on filtering:
      Linux 2.4 Packet Filtering
      Linux netfilter Hacking
      Netfilter Extensions
      Linux 2.4 NAT
    There's also an iptables tutorial by Oskar Andreasson.

    > Thanks for any replies!

    No Problem!
    David
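The two points above (a stateful iptables ruleset on 2.4, and keeping the
reference copy of the rules on read-only media so that live changes can be
detected and undone on a schedule) can be combined in one small script. The
following is an added example, not code from David's reply, from Sentry or
from IPCop. It keeps a reference `iptables-save` dump on the CD-R (the mount
point `/mnt/cdrom/firewall/iptables.rules`, the interfaces `eth0`/`eth1` and
the `192.168.1.0/24` LAN are assumptions), strips the parts of a dump that
legitimately change between runs (timestamps and chain counters), and diffs
the live tables against the reference. The sample dumps embedded below are
constructed for the demonstration; the "tampered" one has one extra FORWARD
rule that an attacker could have inserted.

```shell
#!/bin/sh
# Added example (not from the original post): compare the live iptables
# ruleset with a reference copy kept on read-only media, restoring the
# reference when they differ. Intended to be run from cron on a 2.4 firewall.

# Assumed location of the reference dump on the mounted CD-R.
REF_RULES=${REF_RULES:-/mnt/cdrom/firewall/iptables.rules}

# Constructed reference ruleset in iptables-save format: stateful filter
# with default DROP, plus NAT for the LAN. eth0 = outside, eth1 = inside.
SAMPLE_REF=$(cat <<'EOF'
# Generated by iptables-save v1.2.7a on Mon Jun  2 10:41:21 2003
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Jun  2 10:41:21 2003
# Generated by iptables-save v1.2.7a on Mon Jun  2 10:41:21 2003
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
COMMIT
# Completed on Mon Jun  2 10:41:21 2003
EOF
)

# Constructed "live" dump taken later: same rules, new timestamps and counters.
SAMPLE_LIVE_OK=$(printf '%s\n' "$SAMPLE_REF" \
    | sed -e 's/10:41:21/23:00:05/' -e 's/^:INPUT DROP \[0:0\]/:INPUT DROP [1842:198311]/')

# Constructed tampered dump: one extra rule that opens inbound forwarding.
SAMPLE_LIVE_TAMPERED=$(printf '%s\n' "$SAMPLE_LIVE_OK" \
    | sed -e '/^-A FORWARD -m state/i\
-A FORWARD -i eth0 -o eth1 -j ACCEPT')

# Drop the parts of an iptables-save dump that change between dumps:
# "# Generated by"/"# Completed on" comment lines and the [pkts:bytes]
# counters that follow each chain policy.
normalize_rules() {
    sed -e '/^#/d' -e 's/ \[[0-9]*:[0-9]*\]$//'
}

# Compare two dump files after normalisation. Returns 0 when they match,
# 1 when they differ (the unified diff goes to stdout), 2 on error.
rules_match() {
    na=$(mktemp) && nb=$(mktemp) || return 2
    normalize_rules <"$1" >"$na"
    normalize_rules <"$2" >"$nb"
    if diff -u "$na" "$nb"; then st=0; else st=1; fi
    rm -f "$na" "$nb"
    return $st
}

# Same comparison for two dumps held in shell variables.
compare_rulesets() {
    a=$(mktemp) && b=$(mktemp) || return 2
    printf '%s\n' "$1" >"$a"
    printf '%s\n' "$2" >"$b"
    rules_match "$a" "$b" && st=0 || st=1
    rm -f "$a" "$b"
    return $st
}

# On the firewall itself (as root): dump the live tables, compare them to the
# copy on read-only media, and reload from that copy if anything differs.
verify_live_rules() {
    ref=${1:-$REF_RULES}
    command -v iptables-save >/dev/null 2>&1 || { echo "iptables-save not found" >&2; return 2; }
    live=$(mktemp) || return 2
    iptables-save >"$live"
    if rules_match "$ref" "$live"; then
        rm -f "$live"
        return 0
    fi
    echo "live ruleset differs from $ref; restoring reference rules" >&2
    iptables-restore <"$ref"
    rm -f "$live"
    return 1
}
```

Put the script itself on the same read-only media as the rules and have cron
call `verify_live_rules`; an attacker who can edit the live tables then also
has to defeat the scheduled restore, and the diff it prints is the evidence
of what was changed. The normalisation only strips counters and timestamps,
so any change to a rule, a chain policy or rule order is reported.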


