Security Basics mailing list archives
RE: Firewall options- which way to go
From: Leon Pholi <L.Pholi () secureinteractive com>
Date: Mon, 21 Oct 2002 17:28:53 +1000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Thanks for the many useful replies. Thought you would like to know I have decided on the intermediate difficulty level approach- that is using a pre-locked down distro but having a go with IPtables. As many of you pointed out the option chosen usually depends on the time available, and basically I think I'll be able to pick up writing rules in reasonable amount of time, but creating a decent secure bastion host on an unfamiliar OS may be pushing my luck just yet. Maybe I'll go the whole hog and secure the OS as well for version 2 of my adventures, probably still at the diving in the deep end stage but then there's at least a chance I could swim!! Thanks again for all your comments & helpful URLs (that I'm still investigating), will let you know how I go... Leon - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I am looking at options for setting up a Linux firewall for our company. Although I am a relative newbie to Linux, I'm not afraid to get my 'hands dirty' with IPTables etc. I have a couple of questions and would appreciate all comments. 1) Is it better to use a purpose built distribution such as Smoothwall, IPCop or firewall specific ones from Redhat, Mandrake, SuSE etc, or, would it be better to use a standard distro & built it from scratch (bearing in mind I haven't yet recompiled a kernel but I'm willing to give that a go too)? 2) If building from scratch, kernel version 2.4 supports both ipchains & iptables (newer)- does anyone have a strong view on using one over the other? If using a purpose built one, does anyone have any experienced based preferences? 3) Other than just suggesting to do a google search, are there any resources (a simple step by step howto would be good) you would recommend for the suggested approach? All help greatly appreciated. Thanks in advance. Leon - -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPaoQ+23X5duwk+XvEQKyUQCfcI+YuA2CoEgTKPdMkacPHhc0MWQAoKid reavCfqXEnT7pygVQ+8nO9P4 =kL3I - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPbOs823X5duwk+XvEQISXgCg67MWtTXjnX584Kc3Mym/R5Ub6bwAoPt/ dnHzmbAMKRyo2mzDAdwgLycd =neXK -----END PGP SIGNATURE-----
Current thread:
- RE: WIRELESS THEFT, (continued)
- RE: WIRELESS THEFT John Dillingham (Oct 17)
- Re: WIRELESS THEFT Robert J. Young (Oct 18)
- RE: WIRELESS THEFT Clint Harris (Oct 22)
- Re: WIRELESS THEFT Didier Brems (Oct 24)
- Re: Firewall options- which way to go Steve Bremer (Oct 16)
- RE: Firewall options- which way to go Burton M. Strauss III (Oct 16)
- Can't Resolve from behind firewall Ahmed.Shazly (Oct 17)
- Re: Can't Resolve from behind firewall Johan De Meersman (Oct 18)
- RE: Firewall options- which way to go Arjen De Landgraaf (Oct 16)
- RE: Firewall options- which way to go Trevor Cushen (Oct 17)
- RE: Firewall options- which way to go Leon Pholi (Oct 21)