Linux Based Firewalls
Steven W. Orr
steveo at syslang.net
Fri Nov 14 09:43:08 EST 2003
On Friday, Nov 14th 2003 at 08:54 -0500, quoth bscott at ntisys.com:
=> Myself, I just use the IPTables/NetFilter stuff built-in to the Linux
=>kernel. IMNSHO, there's no substitute for knowing what you're doing, and if
=>you know what you're doing, the syntax of the "iptables" command is a
=>trivial issue.
=>
=> If you're looking for canned firewall packages, I hear frequent
=>recommendations for Smoothwall, IPCop, and Firewall Builder
=>(www.fwbuilder.org).
No disrespect to your skills at wielding iptables commands, but I
strongly warn the average mortal (myself included) against going that route.
A proper layer for creating a firewall is going to do a lot more
boilerplate than you would probably know to do. A few examples: Reject all
packets from private networks, reject all packets whose src is your own
nic, reject all packets from a specific blacklist, etc. There's actually a
lot of stuff (in the literature) that all firewalls should do that falls
outside of the specific rules that you would come up with for your specific
needs.
--
-Time flies like the wind. Fruit flies like a banana. Stranger things have -
-happened but none stranger than this. Does your driver's license say Organ
-Donor?Black holes are where God divided by zero. Listen to me! We are all-
-individuals! What if this weren't a hypothetical question?
steveo at syslang.net
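
The baseline checks listed in the message above (private-network sources, packets claiming the host's own address, a blacklist), written out as iptables rules. This is an added example, not part of the original message; the interface name, addresses, blacklist entries and the BASELINE chain name are constructed placeholders, and the script only prints the commands.

```shell
#!/bin/sh
# Added example: prints iptables commands for the baseline ingress checks
# named in the message. It only prints; review the output before applying it.
# All values below are constructed placeholders (assumptions).
WAN_IF="${WAN_IF:-eth0}"            # external interface (assumed name)
WAN_IP="${WAN_IP:-203.0.113.10}"    # this host's own address on WAN_IF
TARGET="${TARGET:-DROP}"            # DROP is silent; REJECT sends an ICMP error
BLACKLIST="${BLACKLIST:-198.51.100.0/24 192.0.2.66}"   # constructed entries
# RFC 1918 private ranges plus loopback and link-local: none of these
# should arrive as a source address on an Internet-facing interface.
PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16"

gen_rules() {
    # A dedicated chain keeps the boilerplate apart from site-specific rules.
    echo "iptables -N BASELINE"
    for net in $PRIVATE_NETS; do
        echo "iptables -A BASELINE -s $net -j $TARGET"
    done
    # A packet arriving from outside that claims our own address is spoofed.
    echo "iptables -A BASELINE -s $WAN_IP -j $TARGET"
    for bad in $BLACKLIST; do
        echo "iptables -A BASELINE -s $bad -j $TARGET"
    done
    # Hook the chain in first for everything entering on the WAN interface.
    echo "iptables -I INPUT 1 -i $WAN_IF -j BASELINE"
    echo "iptables -I FORWARD 1 -i $WAN_IF -j BASELINE"
}

gen_rules
```

If the external interface itself sits on a private network (for example behind another NAT device), remove that range from PRIVATE_NETS before applying the output.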