Re: [SLUG] Firewall helpers

• Next message: MK: "Re: [SLUG] Install ?'s"
• Previous message: Doug Koobs: "Re: [SLUG] Firewall helpers"
• In reply to: Russell Hires: "[SLUG] Firewall helpers"
• Next in thread: Russell Hires: "Re: [SLUG] Firewall helpers"
• Reply: Russell Hires: "Re: [SLUG] Firewall helpers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Friday 07 September 2001 10:19 pm, Russell Hires wrote:
> Hello Everyone,
>
> I'm back to the firewall thing. I went to freshmeat.net and found a few
> firewall utilities (because I'm not smart enough to edit the rules
> directly), but the two that I've been working with that have been the most
> helpful are firewall (aka fwup.org) and gfcc. I like the GUI part of gfcc,
> but it's almost as bad as editing the firewall rules by hand. And you can't
> create new chains in it, you have to import them from somewhere...
>
> firewall is better. It puts a file called firewall.policy in /etc, and it's
> got a great bunch of "macros" (for lack of a better word) to help navigate
> which ports should be open or closed, or what to do with various packets...
> Here's an example of what's in the file: [see end of message]
>
> Neither has very good documentation, but firewall at least has (mostly) a
> good way of telling what you're doing within the firewall.policy file
> anyway. I also like firewall since I can activate it from my console via
> ./fwup (to bring up the firewall) or ./fwdown (to bring it down). That way
> I can experiment to see what happens.
>
> I just wanted to bring this up because we saw Derrick's presentation in
> June (IIRC) about firewalls and security, and hopefully let others know
> that there are firewall helper tools out there, in case you understood what
> Derrick was saying at the time, yet, like me, forgot it all by the time you
> were in your car :-)
>
> Russell
>
> example from /etc/firewall.policy
> ###########################################################################
>### # Incoming SMTP
> #
> # Note: If this is a bastion host, run smap and permit all hosts to
> connect. # Otherwise, run smap and only permit connections from the bastion
> host. #
> # Open: tcp/25
>
> # SERVICES="$SERVICES ismtp"
>
> # List of hosts which may connect to this host's SMTP server.
> # Blank means all hosts.
> # SMTP_CLIENTS=""
>
> ###########################################################################
>###

Hi Russell:

Have you taken a look at e-Smith? If so what do you think?

Frank

• Next message: MK: "Re: [SLUG] Install ?'s"
• Previous message: Doug Koobs: "Re: [SLUG] Firewall helpers"
• In reply to: Russell Hires: "[SLUG] Firewall helpers"
• Next in thread: Russell Hires: "Re: [SLUG] Firewall helpers"
• Reply: Russell Hires: "Re: [SLUG] Firewall helpers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:56:52 EDT