Re: [SLUG] Letting Stuff In...

From: Ian C. Blenke (icblenke@nks.net)
Date: Wed Apr 17 2002 - 11:20:00 EDT


On Tue, 2002-04-16 at 20:28, Russell Hires wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm going to do what you suggest. In fact, I sort of am anyway...
>
> Today I played with a million and one different firewall front ends, and most
> of them suck, either because the authors know a lot about firewalls, or the
> authors know a lot about front ends and didn't do a good job translating
> firewall rules into a good front end...admittedly, the whole firewall thing
> is complex, but still, I end up having to do too much thinking.

The best firewall ruleset GUI I've found so far is "fwbuilder". It is
*very* akin to the Firewall-1 console, and it can produce iptables,
ipchains, and I believe ipfilter ruleset scripts. In fact, "fwbuilder"
is what I've used on the last 4 firewalls I've built (after tossing the
OpenBSD ipfilter firewall aside).

Avoid ipchains though, no stateful inspection. Look for iptables based
firewalling scripts and use a 2.4 kernel.

> > ipchains -A input -l -i ppp0 -d 0.0.0.0/0 22 -p UDP -j ACCEPT

SSH is not UDP. Never has been, but it wouldn't surprise me if someone
has hacked in a UDP transport to some version at some time in the past.
Change this to TCP and give it another try.

- Ian C. Blenke <icblenke@nks.net> <ian@blenke.com>
http://ian.blenke.com
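The reply above makes two points: use iptables with stateful inspection on a 2.4 kernel rather than ipchains, and the quoted rule opens SSH on the wrong protocol. The following is an added example, not code from the thread or either poster, that expresses the corrected SSH rule as a minimal stateful iptables ruleset; it assumes the uplink interface is ppp0 (override with EXT_IF) and emits the rules as text for review before they are applied.

```shell
#!/bin/sh
# Added example, not from the original thread: the quoted ipchains line
# rewritten as a small stateful iptables ruleset for a 2.4 kernel.
# Assumption: the dial-up/uplink interface is ppp0 (override with EXT_IF).
# Rules are printed rather than executed so they can be read first.
EXT_IF="${EXT_IF:-ppp0}"

emit_ssh_rules() {
    # Default deny: anything not matched below is dropped, not accepted.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    # Loopback traffic is always local.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Stateful inspection: packets belonging to a connection already
    # accepted come in without a per-port rule. ipchains has no notion
    # of connection state, which is why the reply says to avoid it.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # SSH is TCP port 22. The quoted rule said -p UDP, so it could never
    # match an incoming ssh connection.
    echo "iptables -A INPUT -i $EXT_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    # Equivalent of the ipchains -l flag: log what falls through, rate
    # limited so a port scan cannot flood syslog; the policy then drops it.
    echo "iptables -A INPUT -i $EXT_IF -m limit --limit 5/min -j LOG --log-prefix \"FW-DROP: \""
}
```

Run `emit_ssh_rules | sh` as root to load the rules once the printed output looks right.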



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:12:44 EDT