Security Basics mailing list archives
RE: Firewall options- which way to go
From: "Burton M. Strauss III" <bstrauss3 () attbi com>
Date: Tue, 15 Oct 2002 16:19:04 -0500
If all you want it to be, you're better off with a firewall-specific
distribution.
Two reasons...
1) the developers tend to focus on the firewall aspects, it's not an add-on
among 1000s of packages and services
and
2) (very important, IMHO) it's a perfect defense against overloading the
"available" Linux box with a lot of other services that might weaken it's
defenses...
"Nope, sorry, can't do, it only works as a firewall.
However, if you want a xxxx server, I'll be happy to
build another Linux box and set it up in the (LAN | DMZ)
for you"
I prefer the iptables approach - there are a lot more things you can do
(such as rate limiting, etc.)
And, re your Q3, if it's a purpose oriented distro, then you typically get
much better how to docs.
-----Burton
-----Original Message-----
From: Leon Pholi [mailto:L.Pholi () secureinteractive com]
Sent: Sunday, October 13, 2002 7:33 PM
To: security-basics () securityfocus com
Subject: Firewall options- which way to go
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I am looking at options for setting up a Linux firewall for our
company. Although I am a relative newbie to Linux, I'm not afraid to
get my 'hands dirty' with IPTables etc.
I have a couple of questions and would appreciate all comments.
1) Is it better to use a purpose built distribution such as
Smoothwall, IPCop or firewall specific ones from Redhat, Mandrake,
SuSE etc, or, would it be better to use a standard distro & built it
from scratch (bearing in mind I haven't yet recompiled a kernel but
I'm willing to give that a go too)?
2) If building from scratch, kernel version 2.4 supports both
ipchains & iptables (newer)- does anyone have a strong view on using
one over the other?
If using a purpose built one, does anyone have any experienced based
preferences?
3) Other than just suggesting to do a google search, are there any
resources (a simple step by step howto would be good) you would
recommend for the suggested approach?
All help greatly appreciated. Thanks in advance.
Leon
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBPaoQ+23X5duwk+XvEQKyUQCfcI+YuA2CoEgTKPdMkacPHhc0MWQAoKid
reavCfqXEnT7pygVQ+8nO9P4
=kL3I
-----END PGP SIGNATURE-----
Current thread:
- WIRELESS THEFT, (continued)
- WIRELESS THEFT Amit P. Gandre (Oct 16)
- RE: WIRELESS THEFT Greg van der Gaast (Oct 17)
- R: WIRELESS THEFT Alessandro Bottonelli (Oct 17)
- Re: WIRELESS THEFT Johannes Ullrich (Oct 17)
- Re: WIRELESS THEFT Ric Pa (Oct 17)
- RE: WIRELESS THEFT John Dillingham (Oct 17)
- Re: WIRELESS THEFT Robert J. Young (Oct 18)
- RE: WIRELESS THEFT Clint Harris (Oct 22)
- Re: WIRELESS THEFT Didier Brems (Oct 24)
- Re: Firewall options- which way to go Steve Bremer (Oct 16)
- RE: Firewall options- which way to go Burton M. Strauss III (Oct 16)
- Can't Resolve from behind firewall Ahmed.Shazly (Oct 17)
- Re: Can't Resolve from behind firewall Johan De Meersman (Oct 18)
- RE: Firewall options- which way to go Arjen De Landgraaf (Oct 16)
- RE: Firewall options- which way to go Trevor Cushen (Oct 17)
- RE: Firewall options- which way to go Leon Pholi (Oct 21)
- WIRELESS THEFT Amit P. Gandre (Oct 16)