Re: security setup without firewall?



notbob wrote:
On 2006-12-09, left_coast <void@xxxxxxxx> wrote:
BTW, shorewall is not the firewall, it is a method of configuring the
firewall. If you want a relatively easy front end, try Guarddog.

http://www.simonzone.com/software/guarddog/

.....or Arno's iptables firewall script. You edit the config script,
it configures iptables. It starts with everything closed but stateful
http and email and you open things as needed. Even a dummy like me
can figure it out. ;)

http://rocky.molphys.leidenuniv.nl/

Thanks, I will have a look at them.

tom
.



Relevant Pages

  • Guard Dog not effective on services startup
    ... However, I have observed that when I start services ad hoc, iptables is blocking access to them. ... The resolution is to open Guarddog and click on the Apply button *without changing any of the settings*. ... For example, http and https are enabled on the Internet and local protocol panels, but when I start Apache, nobody can connect until I click the Guarddog Apply button. ...
    (comp.os.linux.security)
  • Re: Netgear - Block Sites
    ... CFILTER and HTTP. ... the output of "iptables -nvL" should show 3 rules under CFILTER ... # iptables -nvL CFILTER HTTP Chain HTTP (3 references) ...
    (uk.telecom.broadband)
  • Re: Firewall/router with redundant internet connection
    ... > that it might be best to split traffic according to services (eg., http down ... > configure such a split using iptables, but if anyone has pointers to any ... then use "ip" to configure different routes for each mark. ... If you have an external DNS server, you could check the status of your ...
    (comp.os.linux.networking)
  • Re: Questions on secure remote access to Fedora Core 2
    ... After most of a day of research on iptables, and a bunch of trial and ... Keep HTTP and HTTPS open for everybody ... Open inbound SSH, FTP, and mail for everybody ... ... users who for whatever reason can't use SFTP. ...
    (comp.os.linux.security)
  • iptables
    ... I've been working with iptables for some time now and I would like to ... further harden my firewall rules relating to HTTP. ... scans and as such the HTTP header will not contain the host name. ...
    (Focus-Linux)