Security Basics mailing list archives

RE: Firewall options- which way to go

From: Leon Pholi <L.Pholi () secureinteractive com>
Date: Mon, 21 Oct 2002 17:28:53 +1000

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

Thanks for the many useful replies.

Thought you would like to know I have decided on the intermediate
difficulty level approach- that is using a pre-locked down distro but
having a go with IPtables. As many of you pointed out the option
chosen usually depends on the time available, and basically I think
I'll be able to pick up writing rules in reasonable amount of time,
but creating a decent secure bastion host on an unfamiliar OS may be
pushing my luck just yet.

Maybe I'll go the whole hog and secure the OS as well for version 2
of my adventures, probably still at the diving in the deep end stage
but then there's at least a chance I could swim!!

Thanks again for all your comments & helpful URLs (that I'm still
investigating), will let you know how I go...

Leon
 
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I am looking at options for setting up a Linux firewall for our
company. Although I am a relative newbie to Linux, I'm not afraid to
get my 'hands dirty' with IPTables etc. 

I have a couple of questions and would appreciate all comments.

1) Is it better to use a purpose built distribution such as
Smoothwall, IPCop or firewall specific ones from Redhat, Mandrake,
SuSE etc, or, would it be better to use a standard distro & built it
from scratch (bearing in mind I haven't yet recompiled a kernel but
I'm willing to give that a go too)? 

2) If building from scratch, kernel version 2.4 supports both
ipchains & iptables (newer)- does anyone have a strong view on using
one over the other?
If using a purpose built one, does anyone have any experienced based
preferences?

3) Other than just suggesting to do a google search, are there any
resources (a simple step by step howto would be good) you would
recommend for the suggested approach?

All help greatly appreciated. Thanks in advance.

Leon

- -----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPaoQ+23X5duwk+XvEQKyUQCfcI+YuA2CoEgTKPdMkacPHhc0MWQAoKid
reavCfqXEnT7pygVQ+8nO9P4
=kL3I
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPbOs823X5duwk+XvEQISXgCg67MWtTXjnX584Kc3Mym/R5Ub6bwAoPt/
dnHzmbAMKRyo2mzDAdwgLycd
=neXK
-----END PGP SIGNATURE-----

Current thread:

RE: WIRELESS THEFT, (continued)
- - RE: WIRELESS THEFT John Dillingham (Oct 17)
  - Re: WIRELESS THEFT Robert J. Young (Oct 18)
  - RE: WIRELESS THEFT Clint Harris (Oct 22)
    - Re: WIRELESS THEFT Didier Brems (Oct 24)
- Re: Firewall options- which way to go Steve Bremer (Oct 16)
- RE: Firewall options- which way to go Burton M. Strauss III (Oct 16)
- Can't Resolve from behind firewall Ahmed.Shazly (Oct 17)
  - Re: Can't Resolve from behind firewall Johan De Meersman (Oct 18)
- RE: Firewall options- which way to go Arjen De Landgraaf (Oct 16)
- RE: Firewall options- which way to go Trevor Cushen (Oct 17)
- RE: Firewall options- which way to go Leon Pholi (Oct 21)