
RE: your mail




On Wed, 15 Jul 1998, Ernst, Yehuda wrote:

> I saw firewall-howto and I still want to hear the opinion of the
> list from their experience
> > > 
> > > Can people tell me from their experience.
> > > What is the good (don't need the best) and easy to install firewall
> > > for linux?

If you had indeed read the FAQ, it would have told you these simple
stages:

* get rid of any software running suid root on the machine
* clean out services (including binaries) of anything you don't need
* comment out any unneeded stuff from inetd
* consider dropping inetd altogether in favour of more secure and
  controllable competing products
* recompile a kernel with support for forwarding, firewalls and if needed
  - masquerading.
* make sure your machine boots with all 2 or 3 NICs you have in it (the
  real tricky part)
* use ipfwadm to block all access, then slowly open specific ACLs as
  needed (don't trust tcpd, wrap it with another layer)
* add as needed masquerading modules, cache server on port 8080 (running
  as nobody!!), etc...
* enable access only from inside if possible, minimize user access to it,
  best use S/key or ssh to secure it further.

-- 
Ira Abramov    <ira(a)scso.com>     whois: IA58   (a linux enthusiast)

She sells cshs by the cshore.       - Rob Malda
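
The "comment out any unneeded stuff from inetd" step from the list above, as an added example that is not part of the original post: a small audit that lists every inetd.conf entry still enabled and not on an allowlist, with the user it runs as. The function names, the allowlist and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit inetd.conf for services that are still enabled.
# inetd.conf fields: service socket-type protocol wait-flag user server args...

# Write a constructed sample inetd.conf (not taken from a real host) to $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample entries
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
   # indented comment line

finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
auth    stream  tcp     nowait  nobody  /usr/sbin/in.identd in.identd
EOF
}

# Print "service/protocol user server" for every active (uncommented) entry.
active_inetd_services() {
    awk '$1 ~ /^#/ || NF < 6 { next }      # skip comments, blanks, short lines
         { print $1 "/" $3, $5, $6 }' "$1"
}

# Print active entries whose service name is not in the allowlist.
# $1 = path to inetd.conf, $2 = space-separated allowed service names
unexpected_inetd_services() {
    _allow=" $2 "
    active_inetd_services "$1" | while read -r _svc _user _prog; do
        case "$_allow" in
            *" ${_svc%%/*} "*) ;;          # explicitly needed, keep
            *) echo "$_svc user=$_user server=$_prog" ;;
        esac
    done
}

# Demo on the constructed sample: only "auth" is considered needed here.
sample=$(mktemp)
write_sample_conf "$sample"
echo "Enabled but not on the allowlist:"
unexpected_inetd_services "$sample" "auth"
rm -f "$sample"
```

On a real host, pass /etc/inetd.conf and the short list of services the firewall genuinely needs; anything printed is a candidate for commenting out.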