I have been looking at some firewall stuff and found some good info, thought I would pass them on:

Firewall -> http://www.smoothwall.org
Good book Linux Firewalls by Robert L. Ziegler (includes scripts)

>>> cgahlon at citilink.com 10/18/01 3:57:46 PM >>>
This might help...
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/IPCHAINS-HOWTO.html#ICMP

Recommended reading: Linux Firewalls
http://www.linux-firewall-tools.com/linux/
It covers your questions better than the how-to.

Chris Gahlon

David Dyer-Bennet wrote:
>
> I've changed the subject since I'm grabbing one minor point (of
> concern to me) out of your larger message on constructing a bastion
> host.
>
> "Chad C. Walstrom" <chewie at wookimus.net> writes:
>
> > Other Configuration Needs:
> >   o Use iptables to block all incoming TCP and UDP connections
> >     except for:
> >     - tcp port 25 (smtp)
> >     - non-syn tcp packets (IOW, TCP replies from an established
> >       connection to another machine)
> >     - icmp ping-reply
>
> That last point. My own servers run exposed to the net, and I'm
> running packet filtering on them as backup for simply disabling
> services I don't want people reaching.
>
> When constructing my rulesets, I wasn't sure what icmp messages I
> wanted to allow in. I ended up settling for allowing all icmp in,
> based on some of the things I saw in the logs when I was more
> selective.
>
> Are the various "unreachable" and "redirect" messages not useful? And
> are they particularly risky to allow through?
>
> (And I definitely want to allow echo-request in; I want to be
> pingable.)
> --
> David Dyer-Bennet, dd-b at dd-b.net / Ghugle: the Fannish Ghod of Queries
> Book log: http://www.dd-b.net/dd-b/Ouroboros/booknotes/
> Photos: http://dd-b.lighthunters.net/
> _______________________________________________
> Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul, Minnesota
> http://www.mn-linux.org
> tclug-list at mn-linux.org
> https://mailman.mn-linux.org/mailman/listinfo/tclug-list
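
The inbound policy quoted in this thread (smtp, non-SYN TCP, a chosen set of ICMP types), written out as iptables commands. This is an added example, not a script from any poster or from the books linked above; the function name `emit_rules`, the loopback rule and the final LOG rule are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for the quoted
# policy. Review the output, then pipe it to `sh` as root to load it.

# emit_rules [icmp-type ...]
# With no arguments only echo-reply is admitted, as in the quoted list.
# Pass more type names (e.g. echo-request) to widen the ICMP allowance.
emit_rules() {
    [ "$#" -gt 0 ] || set -- echo-reply

    # Validate every type before printing anything, so a bad argument
    # can never yield a half-written ruleset or smuggle in shell syntax.
    for t in "$@"; do
        case "$t" in
            ""|*[!a-z0-9/-]*) echo "bad icmp type: $t" >&2; return 1 ;;
        esac
    done

    # Default-deny inbound, then start from an empty INPUT chain.
    echo "iptables -P INPUT DROP"
    echo "iptables -F INPUT"

    # Assumption: local processes talk over loopback, so leave it open.
    echo "iptables -A INPUT -i lo -j ACCEPT"

    # tcp port 25 (smtp): the only service accepting new connections.
    echo "iptables -A INPUT -p tcp --dport 25 -j ACCEPT"

    # Non-SYN TCP: replies on connections this host opened. This is a
    # stateless test on the TCP flags, not connection tracking.
    echo "iptables -A INPUT -p tcp ! --syn -j ACCEPT"

    # One ACCEPT per permitted ICMP type.
    for t in "$@"; do
        echo "iptables -A INPUT -p icmp --icmp-type $t -j ACCEPT"
    done

    # Assumption: log whatever falls through, so ICMP refused by a
    # selective list shows up in the logs before the policy drops it.
    echo "iptables -A INPUT -j LOG --log-prefix 'INPUT drop: '"
}

emit_rules "$@"
```

Running it as `sh script.sh echo-reply echo-request` prints the pingable variant asked about in the quoted message.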