Re: [SLUG] How to set up a dedicated firewall box

From: Derek Glidden (dglidden@illusionary.com)
Date: Mon Oct 28 2002 - 13:11:05 EST

Next message: Norbert Cartagena: "Re: [SLUG] A beginners question"
Previous message: Smitty: "[SLUG] How to set up a dedicated firewall box"
In reply to: Smitty: "[SLUG] How to set up a dedicated firewall box"
Next in thread: Vernon Singleton: "Re: [SLUG] How to set up a dedicated firewall box"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Mon, 2002-10-28 at 13:58, Smitty wrote:
> I am using suse 8.1and would like to retire my old box to firewall service.
> It has two nics installed that are of different brands. I have a adsl
> connection with dynamic ip address.
> I request tips on howto do this.

the easiest way would be to grab one of the many dedicated firewall
distros out there. but you may not understand exactly how it's working
if it's too easy to set up, and that's generally dangerous when you're
talking about security.

You could otherwise install pretty much any modern distro as if you were
going to set up a minimal-install server, then grab my "iptables.sh"
script that I've floated across the list a couple of times, edit as
appropriate and run it. "as appropriate" will require that you read
through it and have some understanding of what it does, which is A Good
Thing.

I've also still got the presentation I gave some time ago online at:

http://www.illusionary.com/~dglidden/linux-fw/

it's more of a theory than practice kind of thing, but again, it's
important to understand what your firewall is doing and how to verify
it's doing what you want, otherwise you can wind up with a false sense
of security.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl -w
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
$t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
print+x"C*",@a}';s/x/pack+/g;eval 
usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \
    | extract_mpeg2 | mpeg2dec - 
         http://www.cs.cmu.edu/~dst/DeCSS/Gallery/
http://www.eff.org/                   http://www.anti-dmca.org/

Next message: Norbert Cartagena: "Re: [SLUG] A beginners question"
Previous message: Smitty: "[SLUG] How to set up a dedicated firewall box"
In reply to: Smitty: "[SLUG] How to set up a dedicated firewall box"
Next in thread: Vernon Singleton: "Re: [SLUG] How to set up a dedicated firewall box"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:57:10 EDT