[plug] firewall rules

John Breen locutus at borg.apana.org.au
Wed Dec 26 11:15:30 WST 2001


I was, for some time, running SmoothWall.  Unfortunately, I had issues with 
the DoV setup on SmoothWall that I was unable to resolve, even using 
patches specifically designed to do that.  So I moved to Debian.

At 10:48 AM 26/12/2001 +0800, you wrote:
>I can second this as a good solution for a firewall. It is very easy to use,
>quick at setting up, quite robust, runs on just about any distro etc etc
>etc.
>
>There are probably only two other solutions better than this (a) being a
>Bastille hardened box or (b) a smoothwall/firewall specific distro box (see
>a later post for details on smoothwall).
>
> > -----Original Message-----
> > From: Brian Tombleson [mailto:brian at paradigmit.com.au]
> > Sent: Wednesday, 26 December 2001 8:12 AM
> > To: plug at plug.linux.org.au
> > Subject: Re: [plug] firewall rules
> >
> >
> > For gateway firewalls, pmfirewall is a pretty good (and easy) script that
> > will set it up for you after asking some questions..
> > http://www.pmfirewall.com/
> >
> > HTH
> > - Brian.
> >
> > ----- Original Message -----
> > From: "John Breen" <locutus at borg.apana.org.au>
> > To: <plug at plug.linux.org.au>
> > Sent: Wednesday, December 26, 2001 8:03 AM
> > Subject: [plug] firewall rules
> >
> >
> > > Help!
> > >
> > > I'm in the (continuing) process of setting up a linux firewall box, and
> > I'm
> > > just fishing for some advice.
> > >
> > > The box is running Debian 2.2r3 (with updates), so it's running a 2.2
> > > kernel.  I've got the firewall more or less working, but I want
> > to make it
> > > a bit more secure and stuff.  My main concern is that I need to have the
> > > firewalling start up when the box starts up.  I guess I can do
> > this with a
> > > simple shell script in the /etc/init.d dir and then use that
> > from rcx.d to
> > > start it up, right?
> > >
> > > The other question I have is that there must be better rules than I
> > > currently have?  Right now, the default is that everything is
> > > Accepted,  then stuff from my LAN is masqueraded.  That's a pretty big
> > > security hole, isn't it?
> > >
> > > Any suggestions, offers of help, etc...
> > >
> > > Cheers,
> > >
> > > JB
> > >
> > >
> >
> >
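
For the original question in this thread (a 2.2 kernel, so ipchains, with everything accepted by default and the LAN masqueraded), here is an added example of a default-deny init script; it is not code from any poster in the thread. The script name, the interface names eth0/eth1 and the LAN range 192.168.1.0/24 are assumptions to be replaced with local values.

```shell
#!/bin/sh
# /etc/init.d/firewall (hypothetical name): default-deny ipchains gateway rules.
# Assumed, not from the thread: eth0 faces the Internet, LAN is 192.168.1.0/24.
EXT_IF=${EXT_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
IPCHAINS=${IPCHAINS:-/sbin/ipchains}
# DRY_RUN=1 prints each command instead of running it, for review before install.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$IPCHAINS $*"; else "$IPCHAINS" "$@"; fi
}
forwarding() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "ip_forward=$1"
    else echo "$1" > /proc/sys/net/ipv4/ip_forward; fi
}

fw_start() {
    # Set deny policies first so there is no open window while rules load.
    run -P input DENY
    run -P forward DENY
    run -P output ACCEPT
    run -F
    run -A input -i lo -j ACCEPT
    run -A input -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    # Packets claiming a LAN source on the outside interface are spoofed: log, drop.
    run -A input -i "$EXT_IF" -s "$LAN_NET" -l -j DENY
    # ipchains is stateless: admit only non-SYN TCP (replies) to unprivileged ports.
    run -A input -i "$EXT_IF" -p tcp ! -y --dport 1024:65535 -j ACCEPT
    # DNS answers over UDP, and ICMP errors needed for path MTU discovery.
    run -A input -i "$EXT_IF" -p udp --sport 53 --dport 1024:65535 -j ACCEPT
    run -A input -i "$EXT_IF" -p icmp --icmp-type destination-unreachable -j ACCEPT
    # Masquerade only LAN traffic leaving by the outside interface.
    run -A forward -i "$EXT_IF" -s "$LAN_NET" -j MASQ
    forwarding 1
}

fw_stop() {
    # Stop routing, then clear the rules; forward stays DENY so nothing leaks.
    forwarding 0
    run -F
    run -P input ACCEPT
}
case "${1:-}" in
    start)   fw_start ;;
    stop)    fw_stop ;;
    restart) fw_stop; fw_start ;;
    "")      ;;  # no argument: define the functions only (e.g. when sourced)
    *)       echo "Usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac
```

Running it as `DRY_RUN=1 /etc/init.d/firewall start` lists the rules without touching the kernel; on Debian, `update-rc.d firewall defaults` creates the rcN.d links so it runs at boot.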


