Firewall Wizards mailing list archives
Re: Dumb newbie question
From: John Babwell <johnbabwell () mailcan com>
Date: Fri, 13 Aug 2004 09:13:40 -0500
I agree that seeing many examples first is the way to go. With the help of a good book like Linux Firewalls (Ziegler), going the 'pure' route as a newbie is not so bad (if you have the time to do it right at least :). Seeing a commented set of rules that makes sense is even better than checking out a recommended ruleset.

John

p.s., new to the list, I like it so far. I'm sure this book has been talked about at some point.. how do people feel about it in general?

On Mon, 9 Aug 2004 13:20:58 -0400 "Loomis, Rip" <GILBERT.R.LOOMIS () saic com> wrote:
> I saw several other responses, but I think that they were all missing some critical points.
>
> > I'm just getting into [Debian] Linux and iptables - a definite newbie! [...] My question is, where is the rule script stored? I want to start trying my own rules but I don't know where the file is to modify.
>
> You've self-assessed as a newbie, but you want to start "trying your own rules". Rather than starting by doing iptables rules directly, I'd recommend that you look at installing a package that will allow you to specify rules using a syntax that's easier to comprehend--I've had good results with the "shorewall" package, but there are other good ones out there. If you're really interested in security, then installing such a package (combined with R its FM) will make it easier to construct a rule set that makes sense.
>
> In my experience, teaching myself a packet filter by grabbing random rules off webpages and trying to make soup out of them can have...interesting...results. YMMV, of course--but based on your self-assessment I wouldn't recommend just mucking with iptables rules directly. Not saying it won't work, but you'd learn more quickly by letting a firewall package construct a ruleset for you and then going back and looking at the rules it put together and figuring out what each rule does.
>
> --
> Rip Loomis - SAIC
> Brainbench MVP for Internet Security
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Dumb newbie question traef06 RAEF (Aug 06)
- Re: Dumb newbie question Kevin Sheldrake (Aug 06)
- Re: Dumb newbie question Jorge Duarte Rodríguez (Aug 06)
- <Possible follow-ups>
- RE: Dumb newbie question Loomis, Rip (Aug 12)
- RE: Dumb newbie question R. DuFresne (Aug 12)
- Re: Dumb newbie question John Babwell (Aug 16)
- Re: Dumb newbie question Jim Seymour (Aug 20)
- Re: Dumb newbie question Devdas Bhagat (Aug 20)