RE: Firewall options- which way to go

From: Arjen De Landgraaf (arjen.de.landgraaf@cologic.co.nz)
Date: 10/15/02


From: Arjen De Landgraaf <arjen.de.landgraaf@cologic.co.nz>
To: 'Leon Pholi' <L.Pholi@secureinteractive.com>
Date: Wed, 16 Oct 2002 10:39:46 +1300

Hi Leon,

You can find IPTables, Linux firewalls,
firewall design etc. info at: www.e-secure-db.us

The site is organised into folders; the most relevant ones are:

http://www.e-secure-db.us/dscgi/ds.py/View/Collection-933
IPTables

http://www.e-secure-db.us/dscgi/ds.py/View/Collection-1539
Tools - IPTables
 
http://www.e-secure-db.us/dscgi/ds.py/View/Collection-1577
Securing Linux / Unix

http://www.e-secure-db.us/dscgi/ds.py/View/Collection-572
Firewalls, VPN and Secure Routers Product Comparisons and Tests

http://www.e-secure-db.us/dscgi/ds.py/View/Collection-1443
Information on Firewall Design and Management

Etc.
Good luck and let me know how you go.

Arjen
New Zealand

-----Original Message-----
From: Leon Pholi [mailto:L.Pholi@secureinteractive.com]
Sent: Monday, 14 October 2002 1:33 p.m.
To: security-basics@securityfocus.com
Subject: Firewall options- which way to go

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I am looking at options for setting up a Linux firewall for our
company. Although I am a relative newbie to Linux, I'm not afraid to
get my 'hands dirty' with IPTables etc.

I have a couple of questions and would appreciate all comments.

1) Is it better to use a purpose-built distribution such as
Smoothwall, IPCop or firewall-specific ones from Redhat, Mandrake,
SuSE etc, or, would it be better to use a standard distro & build it
from scratch (bearing in mind I haven't yet recompiled a kernel but
I'm willing to give that a go too)?

2) If building from scratch, kernel version 2.4 supports both
ipchains & iptables (newer)- does anyone have a strong view on using
one over the other?
If using a purpose-built one, does anyone have any experience-based
preferences?

3) Other than just suggesting to do a google search, are there any
resources (a simple step by step howto would be good) you would
recommend for the suggested approach?

All help greatly appreciated. Thanks in advance.

Leon

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPaoQ+23X5duwk+XvEQKyUQCfcI+YuA2CoEgTKPdMkacPHhc0MWQAoKid
reavCfqXEnT7pygVQ+8nO9P4
=kL3I
-----END PGP SIGNATURE-----


