Paul Hewson wrote:

I know of IpCop as a firewall, but wondered what there might be that could run on the machine it is protecting. I think Firestarter (a Gnome project) can run on the same machine it is protecting.

SuSE have a personal firewall bundled, I took one look and went yuk. I have rolled my own with IP chains - it is not great, and I wouldn't recommend it as a route to go.

I've yet to see anything that inspires confidence, although there are a LOT of attempts to simplify IP Chains or IP Table admin on stand alone boxes, to do a solid firewall product requires some pretty intimate knowledge of the Linux IP stack. Although for many purposes NAT on the FW box gives you a good first line for boxes behind it, admin of the box with the firewall on requires great care if you run other stuff on it.

I know my personal firewall is open to some basic attacks, although they are beyond my abilities to hack (and I don't fancy the effort involved), and closing the weaknesses down would be annoyingly restrictive for the gain in security.

--
I have used a package called EasyTables and EasyChains (one iptables, one ipchains.. funny that...)

Works very well for me, it generates a script file (Firewall.sh) which you can edit in nano/pico/vi or whatever your fave editor is (let's not start that argument) and customize the rules, add and remove open ports and who is able to connect..

Hey, if I can use it.. anyone can... (no comments on that guys.. be nice)

Neil

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.