RE: your mail
On Wed, 15 Jul 1998, Ernst, Yehuda wrote:
> I saw firewall-howto and I still want to hear the opinion of the
> list from their experience
> > >
> > > Can people tell me from their experience.
> > > What is the good (don't need the best) and easy to install firewall for
> > > linux?
If you would have indeed read the FAQ it would have told you these simple
stages:
* get rid of any software running suid root on the machine
* clean out services (including binaries) of anything you don't need
* comment out any unneeded stuff from inetd
* consider dropping inetd altogether in favour of more secure and
  controllable competing products
* recompile a kernel with support for forwarding, firewalls and if needed -
  masquerading.
* make sure your machine boots with all 2 or 3 NICs you have in it (the
  real tricky part)
* use ipfwadm to block all access, then slowly open specific ACLs as
  needed (don't trust tcpd, wrap it with another layer)
* add as needed masquerading modules, cache server on port 8080 (running
  as nobody!!), etc...
* enable access only from inside if possible, minimize user access to it,
  best use S/key or ssh to secure it further.
--
Ira Abramov <ira(a)scso.com> whois: IA58 (a linux enthusiast)
She sells cshs by the cshore. - Rob Malda
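
An added example, not part of the original message: shell helpers for the first three checklist items, listing setuid-root files and the inetd.conf entries that are still active but not on a keep list. The function names, the keep list and the sample inetd.conf are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the suid and inetd steps of the checklist.
# The keep list and the sample inetd.conf below are constructed.

# Print every setuid file owned by root under the given directories.
suid_root_files() {
    find "$@" -xdev -type f -user root -perm -4000 -print 2>/dev/null
}

# Print "service user server daemon" for each entry inetd would start
# (comment and blank lines are skipped).
active_inetd_services() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1, $5, $6, $7 }' "$1"
}

# Print active services that are not in the space-separated keep list;
# these are the candidates for commenting out.
unneeded_inetd_services() {
    conf=$1; keep=" $2 "
    active_inetd_services "$conf" | while read -r svc user cmd; do
        case "$keep" in
            *" $svc "*) ;;
            *) echo "$svc (runs as $user: $cmd)" ;;
        esac
    done
}

# Constructed sample in the classic inetd.conf layout:
# service socket proto wait user server args
sample_inetd_conf() {
    cat <<'EOF'
# echo   stream tcp nowait root internal
ftp      stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet   stream tcp nowait root /usr/sbin/tcpd in.telnetd
finger   stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
EOF
}

# Run the inetd audit against the sample, keeping only ftp.
demo() {
    tmp=$(mktemp) || return 1
    sample_inetd_conf > "$tmp"
    unneeded_inetd_services "$tmp" "ftp"
    rm -f "$tmp"
}

demo
```

On a real host, point `unneeded_inetd_services` at `/etc/inetd.conf` and run `suid_root_files /` as root so unreadable directories are not skipped.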