Re: [SLUG] weird web site viewer

From: steve szmidt (steve@szmidt.org)
Date: Sun Apr 23 2006 - 15:08:08 EDT


On Sunday 23 April 2006 14:46, Eben King wrote:

> > While we're at it, why don't we set up a dedicated firewall
>
> Heh. I had a spare 486 that I slapped a couple ISA NICs in and called it a
> router. Ran 2.2 w/ iptables very well. It logged by sending messages to
> syslogd over the LAN. Quite handy having your firewall logs on your own
> machine.

:) Here I was thinking you were not going to do anything in depth. Well done!
Though it would be a good idea if you also updated to the latest kernel. Big
difference between 2.2 and 2.6. Several big security updates besides performance.

Though I only use OpenBSD on dedicated firewalls. More flexible and more
secure. You get a minimalistic setup that fits on 500MB and 48MB RAM. In over
8 years they have only had one remote hole on a default install. Takes 10
minutes to install. Well documented.

> > a deny by default policy, ...
>
> Didn't have that...

It's a lot easier to open a few ports than closing almost all...

If you are creating filters by hand and get confused with IN and OUT it's
really easy. Think of a box with a hole on each side. IN means into the box,
OUT means out of the box. It does not matter which NIC.

-- 

Steve Szmidt

"To enjoy the right of political self-government, men must be capable of personal self-government - the virtue of self-control. A people without decency cannot be secure in its liberty."
From the Declaration Principles

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.


