Re: Linux firewall/IDS/NAT suggestions
From: David Nichols (dnichols_at_amci.com)
To: "Petty, Robert" <rpetty@DenverNewspaperAgency.com>
Date: Mon, 2 Jun 2003 10:41:21 -0400
----- Original Message -----
From: Petty, Robert <rpetty@DenverNewspaperAgency.com>
To: Petty, Robert <rpetty@DenverNewspaperAgency.com>;
Sent: Friday, May 30, 2003 11:54 AM
Subject: Linux firewall/IDS/NAT suggestions
> Which kernel would be best? 2.0.x, 2.2.x, or 2.4.x?
I'd also go with 2.4 because it's the active kernel and I don't think
iptables is supported on anything else. I'd definitely use iptables for the
state processing it offers. Just be sure to use up-to-date drivers on all
> Should the NAT and Firewall rules be written and maintained on CD-R media
> a malicious attacker cannot hide rule changes? Should the firewall be
> re-initialized on a schedule to ensure the live rules are those from the
> read-only media?
There's no reason why you can't put the whole system on CD-R and a write-
protected floppy and boot the whole thing into a RAM disk. If it's ever
compromised, change the vulnerable/cracked parts and reboot. The Sentry
firewall project does this. See
www.sentryfirewall.com for details. It's based on the Slackware distro
last time I checked. Another choice is IPCop
http://ipcop.org/cgi-bin/twiki/view/IPCop/WebHome I've never played with it
but saw it listed elsewhere on the list.
> Last, but not least, what's a good HowTo that can be used as a basis? I
> would prefer one that starts off a little more strict so I can simplify
> rather than have to bone up on all of the current vulnerabilities.
Sentry has a posted mini-howto. There are also several HOWTOs on filtering:
Linux 2.4 Packet Filtering
Linux netfilter Hacking
Linux 2.4 NAT
There's also an iptables tutorial by Oskar Andreasson.
> Thanks for any replies!
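The reply above suggests keeping the rules on read-only media and re-initializing the firewall so that live rules always come from that copy. The script below is an added example (not from the thread, Sentry or IPCop) of the scheduled check that idea implies: it normalizes an `iptables-save` dump against a baseline file, reports any rule that was added, removed or reordered, and reloads the kernel ruleset with `iptables-restore` when they differ. The mount point `/mnt/cdrom/iptables.rules`, the `fwcheck` syslog tag and both rulesets are constructed for the example; the `--live` path needs root and a real iptables install, while the default path runs on the embedded sample data only.

```shell
#!/bin/sh
# Added example: compare the live iptables ruleset with a baseline kept on
# read-only media and reload from that media on drift. Paths, rulesets and
# the syslog tag are constructed for this example (assumptions, not the
# original post's configuration).

BASELINE_FILE="${BASELINE_FILE:-/mnt/cdrom/iptables.rules}"   # assumed CD-R mount

# Constructed baseline in iptables-save format: default-deny INPUT/FORWARD,
# stateful accept of return traffic, logged drops, masquerading NAT.
SAMPLE_BASELINE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j LOG --log-prefix "INPUT-DROP: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Constructed "live" dump: counters have moved (normal, must not count as
# drift) and one extra ACCEPT rule has been inserted (must be reported).
SAMPLE_TAMPERED='# Generated by iptables-save
*filter
:INPUT DROP [1532:98711]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [2210:301455]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 203.0.113.7/32 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j LOG --log-prefix "INPUT-DROP: "
COMMIT
# Completed
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Drop iptables-save comment lines and the per-chain [packets:bytes]
# counters from stdin, leaving only chains, policies and rules in order.
normalize_ruleset() {
    sed -e '/^#/d' -e 's/ \[[0-9]*:[0-9]*\]$//'
}

# Order-aware comparison: prints a diff of baseline ($1) against live ($2)
# and returns diff's status (0 = identical, 1 = drift, 2 = error).
ruleset_drift() {
    b=$(mktemp) && l=$(mktemp) || return 2
    printf '%s\n' "$1" | normalize_ruleset > "$b"
    printf '%s\n' "$2" | normalize_ruleset > "$l"
    diff "$b" "$l"
    rc=$?
    rm -f "$b" "$l"
    return $rc
}

# True (0) only when the live ruleset matches the baseline exactly.
ruleset_matches() {
    ruleset_drift "$1" "$2" >/dev/null
}

# Reload the kernel ruleset from the read-only copy (needs root).
reload_from_media() {
    iptables-restore < "$BASELINE_FILE"
}

# Scheduled check (e.g. from cron): log the result, reload on drift.
check_live_firewall() {
    live=$(iptables-save) || return 2
    baseline=$(cat "$BASELINE_FILE") || return 2
    if ruleset_matches "$baseline" "$live"; then
        logger -t fwcheck "ruleset matches read-only baseline"
    else
        logger -t fwcheck "ruleset drift detected; reloading from $BASELINE_FILE"
        ruleset_drift "$baseline" "$live" | logger -t fwcheck
        reload_from_media
    fi
}

if [ "${1:-}" = "--live" ]; then
    check_live_firewall
else
    # Stand-alone demo on the constructed data; no root or iptables needed.
    ruleset_matches "$SAMPLE_BASELINE" "$SAMPLE_BASELINE" && echo "baseline vs itself: no drift"
    ruleset_drift "$SAMPLE_BASELINE" "$SAMPLE_TAMPERED" || echo "drift detected in constructed live dump"
fi
```

Run it as `sh fwcheck.sh` to see the demo, or install it as `fwcheck.sh --live` in root's crontab at the interval you want the re-initialization to happen. Because the comparison is done on the normalized text in chain order, a rule moved above the default-deny policy is reported as drift even when no line was added, which a simple "is rule X present" check would miss.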