Re: [SLUG] Paul's Firewall

From: steve szmidt (steve@szmidt.org)
Date: Sat Nov 06 2004 - 19:18:40 EST


On Saturday 06 November 2004 02:11 pm, paddy wrote:
> Paul;
>
> Here is a Packet Filter/NAT/Gateway/Bridge that is less than 32mb setup.
> Perhaps you may be interested in this.
>
>
> http://sourceforge.net/projects/openlsd/
>
>
> Paddy

This is not bad, though a bit old. Though it looks like 5 releases old.

As far as OBSD goes I think that's before they implemented the really good
stuff. I'd either run updates or build another one but with the current version.
But if not used to doing upgrades of OBSD it might be easier to just build a
new one. It's about 400M I think. Then strip it like in the openlsd.

OBSD has implemented a new and greatly improved firewall, anti-buffer-overflow
and other things that make it even harder to hack. I think the bridging f/w
is much better now, too.

You don't have a bunch of people coming up with better and easier ways of
generating the filter rules, like shorewall. But it does come with good
sample rules and is not very hard to learn at all.

It takes 15 minutes to walk through a default install from the CD. Figure
30min-2 hrs to read the doc and type in the sample rules with some
understanding.

-- 

Steve Szmidt

"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety." Benjamin Franklin
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.


