[SLUG] Firewall helpers

From: Russell Hires (rhires@earthlink.net)
Date: Fri Sep 07 2001 - 22:19:08 EDT


Hello Everyone,

I'm back to the firewall thing. I went to freshmeat.net and found a few
firewall utilities (because I'm not smart enough to edit the rules directly),
but the two that I've been working with that have been the most helpful are
firewall (aka fwup.org) and gfcc. I like the GUI part of gfcc, but it's
almost as bad as editing the firewall rules by hand. And you can't create new
chains in it, you have to import them from somewhere...

firewall is better. It puts a file called firewall.policy in /etc, and it's
got a great bunch of "macros" (for lack of a better word) to help navigate
which ports should be open or closed, or what to do with various packets...
Here's an example of what's in the file: [see end of message]

Neither has very good documentation, but firewall at least has (mostly) a
good way of telling what you're doing within the firewall.policy file anyway.
I also like firewall since I can activate it from my console via ./fwup (to
bring up the firewall) or ./fwdown (to bring it down). That way I can
experiment to see what happens.

I just wanted to bring this up because we saw Derrick's presentation in June
(IIRC) about firewalls and security, and hopefully let others know that there
are firewall helper tools out there, in case you understood what Derrick was
saying at the time, yet, like me, forgot it all by the time you were in your
car :-)

Russell

example from /etc/firewall.policy
##############################################################################
# Incoming SMTP
#
# Note: If this is a bastion host, run smap and permit all hosts to connect.
# Otherwise, run smap and only permit connections from the bastion host.
#
# Open: tcp/25

# SERVICES="$SERVICES ismtp"

# List of hosts which may connect to this host's SMTP server.
# Blank means all hosts.
# SMTP_CLIENTS=""

##############################################################################
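The following is an added illustration, not part of Russell's message and not code from the fwup project: a small POSIX shell reader for a firewall.policy-style file that expands the SERVICES and *_CLIENTS "macros" into the concrete filter rules they imply, so that the consequence of the "Blank means all hosts" default is visible before anyone runs ./fwup. Everything about the file format beyond the fragment above is an assumption made here: that an "i<name>" service macro pairs with a <NAME>_CLIENTS variable, that only ismtp and issh are known to the hypothetical service table, and that the emitted iptables lines are illustrative text rather than what fwup itself generates.

```sh
#!/bin/sh
# Added example (not from the fwup tool or the message above): read a
# firewall.policy-style text and turn its SERVICES / *_CLIENTS "macros" into
# the filter rules they imply, so a blank (wide-open) client list stands out.
# Assumptions: "i<name>" maps to <NAME>_CLIENTS, only ismtp and issh are known,
# and the iptables lines are illustrative output, not fwup's real behaviour.

# Constructed policy text in the style of the /etc/firewall.policy fragment.
POLICY_EXAMPLE='
SERVICES="$SERVICES ismtp issh"
SMTP_CLIENTS="192.0.2.10 192.0.2.11"
SSH_CLIENTS=""
'

# policy_get VAR POLICY_TEXT: value of VAR without the surrounding quotes; the
# "$SERVICES" accumulation token is dropped (assumes no other expansions).
policy_get() {
  printf '%s\n' "$2" \
    | sed -n "s/^$1=\"\(.*\)\"\$/\1/p" \
    | sed 's/\$SERVICES//' \
    | tr -s ' ' \
    | sed 's/^ //; s/ $//'
}

# service_port MACRO: protocol and port for a service macro (hypothetical table).
service_port() {
  case "$1" in
    ismtp) echo "tcp 25" ;;
    issh)  echo "tcp 22" ;;
    *)     return 1 ;;
  esac
}

# rules_for_service MACRO CLIENTS: emit INPUT rules for one service. A blank
# client list means every host may connect, which is what the policy comment
# "Blank means all hosts" implies; a non-blank list gets per-host accepts and
# a closing drop for everyone else.
rules_for_service() {
  pp=$(service_port "$1") || return 1
  proto=${pp% *}; port=${pp#* }
  if [ -z "$2" ]; then
    echo "iptables -A INPUT -p $proto --dport $port -j ACCEPT   # open to all hosts"
  else
    for c in $2; do
      echo "iptables -A INPUT -p $proto -s $c --dport $port -j ACCEPT"
    done
    echo "iptables -A INPUT -p $proto --dport $port -j DROP"
  fi
}

# generate_rules POLICY_TEXT: walk SERVICES and emit rules for each enabled one.
generate_rules() {
  for svc in $(policy_get SERVICES "$1"); do
    var="$(printf '%s' "$svc" | sed 's/^i//' | tr 'a-z' 'A-Z')_CLIENTS"
    rules_for_service "$svc" "$(policy_get "$var" "$1")" \
      || echo "# unknown service macro $svc skipped"
  done
}

# count_open_services POLICY_TEXT: how many enabled services accept from any
# host; a quick audit figure to look at before bringing the firewall up.
count_open_services() {
  generate_rules "$1" | grep -c 'open to all hosts' || true
}

generate_rules "$POLICY_EXAMPLE"
```

Run as-is and it prints four rule lines for the constructed policy: two host-specific accepts and a drop for SMTP, and one unrestricted accept for SSH, the latter tagged "open to all hosts". Pointing count_open_services at a real policy file's contents (for example via "$(cat /etc/firewall.policy)") gives the number of services left open to every host, which is the first thing worth checking when experimenting with fwup/fwdown.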



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:56:26 EDT