New Zealand ADSL Mailing List


Re: Linux Firewall

From: Ben Gracewood <gracewoodben_at_hotmail.com>
Date: Thu, 01 Mar 2001 21:50:17
Message-ID: <F140ymQ1WE9ql2RkeS80000251c@hotmail.com>

>
>Attention all Linux Gurus
>
>Newbie wants to know which Linux flavour and firewall tools would best
>protect me network.
>
>Would like reliability, and simplicity.
>
>Any real suggestion would be greatly appreciated.
>signed,
>
>Can only afford a p75.
>

I think everyone has a favourite Linux distribution (flavour) and each has
their merits (e.g. user-friendly vs. robust vs. secure).

However, if you use your head, read all the how-tos and generally take your
time, the distribution really is irrelevant. If you're aiming to finish up
with a really nice (secure) firewall, then you really have to spend the time
learning and doing. Don't rush it.

I've built my experience from scratch through doing, asking and reading. I
started from a RedHat 6 distro, which some will say is unsecure, but the
fact is that in the process of building the firewall, the systems now look
nothing like RedHat 6.

In a nutshell, here are some suggestions (including my biases) for what you
should be planning (please everyone feel free to correct me and/or add
suggestions):

- Install your distro of choice (if you have no preference, perhaps search
archives, mailing lists etc. to find which is likely to be most secure by
default)

- Disable all unnecessary services and programs (read up on TCP/IP in
general, inetd (or alternatives), sysV init (kinda like autoexec.bat,
depending on distro))

- Upgrade to a 2.4 stable kernel (www.kernel.org + read the kernel-howto)

- Read up on iptables, NAT and IP filtering in general
(netfilter.kernelnotes.org), then make a firewall :-). I'm happy to provide
example scripts.

- Look into proxy programs (try www.squid-cache.org for http, ncsa for ftp)
for added security & performance.

It all seems a bit daunting, but for every one of the steps above you'll
find a ton of how-tos, examples and step-by-step instructions if you search
briefly. I (and probably 99% of others) have built a huge knowledge of
Linux this way - and I still consider myself a Linux newbie.

Hope this helps,
Ben.


Received on Fri Mar 2 10:50:29 2001
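
The "make a firewall" step in the message above, sketched as an added example (not one of the scripts the poster offers and not part of the original message): a default-deny, stateful NAT gateway ruleset in `iptables-restore` format, plus a small check that no rule admits new connections from the Internet side. The interface names and LAN subnet are assumptions, and `-m conntrack --ctstate` is the current spelling of the older `-m state --state` match.

```shell
#!/bin/sh
# Added example (not from the original post). Interface names and the LAN
# subnet passed in are assumptions; substitute your own.

# Print an iptables-restore ruleset for a two-interface NAT gateway.
gen_ruleset() {
    wan_if=$1 lan_if=$2 lan_net=$3
    if [ -z "$wan_if" ] || [ -z "$lan_if" ] || [ -z "$lan_net" ] ||
       [ "$wan_if" = "$lan_if" ]; then
        echo "usage: gen_ruleset WAN_IF LAN_IF LAN_NET (interfaces must differ)" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Hide the LAN behind the gateway's single public address
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
# Default deny: anything not explicitly accepted below is dropped
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to traffic the gateway or the LAN started
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Administration over SSH from the LAN side only
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 22 -j ACCEPT
# New connections may only go LAN -> Internet, never the other way
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin and count ACCEPT rules that admit new traffic
# arriving on the WAN interface or on any interface. Should print 0.
wan_exposure() {
    awk -v wan="$1" '
        /^-A (INPUT|FORWARD) / && /-j ACCEPT/ && !/ESTABLISHED/ {
            iface = ""
            for (i = 1; i < NF; i++) if ($i == "-i") iface = $(i + 1)
            if (iface == "" || iface == wan) n++
        }
        END { print n + 0 }'
}
```

To try it, pipe `gen_ruleset eth0 eth1 192.168.1.0/24` into `iptables-restore --test` as root, which parses the rules without committing them.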


This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:09 2006 EST