Re: linux firewall design

From: prg (rdgentry1_at_cablelynx.com)
Date: 01/24/05


Date: 24 Jan 2005 10:51:15 -0800


Sridhar Natarajan wrote:
> I am bound to design a firewall using iptables(1.2.7a). i have
> compiled the kernel with necessary config parameters.Can any one help
> me with the right resource in linux packet filter design?

http://www.linuxguruz.com/iptables/
See especially the Tutorial section.

> If i would
> design a proxy for my firewall,can it be done any way better than
> "squid"?

_You_ won't do _better_ than squid (perhaps different) and the
widepread use of squid insures there is plenty of help setting it
up/maintaining it. It's been quite some time since I've even looked
for/at other proxies. And it's versatility will grow with your needs.
Other apps can/do make use of squid.
> Plz help.

hope this does,
prg
email above disabled



Relevant Pages

  • linux firewall design
    ... I am bound to design a firewall using iptables. ... compiled the kernel with necessary config parameters.Can any one help ... me with the right resource in linux packet filter design?If i would ...
    (comp.os.linux.security)
  • Re: pppd crashes, was: kde-freebsd
    ... User PPP is very easy to use, Kernel PPP is not. ... It appears to me that PPP is the more normal way on FreeBSD, whereas, in my own experience Linux, prefer PPPD. ... Over time FreeBSD and Linux drifted apart on this design issue, and it became something of a characteristic of BSD, perhaps that is why Kernel PPP became less well maintained ... Regarding the various comments by Michael Nottebrock, Firstly: The bug you mentioned I have not experienced. ...
    (freebsd-stable)
  • Re: A Layered Kernel: Proposal
    ... (I can't believe that a kernel programmer will not ... So give us a design. ... layer, the SCSI layer, the network layer, etc.), but it is always ...
    (Linux-Kernel)
  • Re: [PROPOSAL/PATCH] Fortuna PRNG in /dev/random
    ... > in random.c with the Fortuna PRNG designed by Ferguson and Schneier (Practical ... The kernel will break if CONFIG_CRYPTO is false ... don't want crypto, then you don't want secure random numbers." ... design a system that is closer to "true randomness" as possible. ...
    (Linux-Kernel)
  • [RFC] What are the goals for the architecture of an in-kernel IR system?
    ... On Fri, Nov 27, 2009 at 2:45 AM, Christoph Bartelmus ... API already in the kernel. ... ignore the code I wrote and make a design proposal ... Use of modern Linux features like sysfs, ...
    (Linux-Kernel)