Jeff,
May I recommend http://sourceforge.net/tracker/index.php?func=detail&aid=482935&group_id=13391&atid=113391
It explains why agt is no longer in Debian.
Niall
Loren Jordan wrote:
Jeff,
I have found an incredibly simple system that some day should be put into a Debian package. It's called "agt" and can be found at http://sourceforge.net/projects/agt/
It installs the configuration files in /boot/fw and they are very well commented as to the format required. Read them, they are not long and have a lot of useful information in them. (You can change the location of these files in the Makefile and defs.h.)
Makefile:CONF_PATH = /boot/fw or wherever you want it.
defs.h:#define AGT_DIR "/boot/fw" make this the same as above.
If you want something that is downloaded, built, configured and running in 10 minutes with no prior knowledge of it...
Some day this package might be put into a Debian package. It's just a simple no-frills firewall system for machines on cable/dsl/etc... that makes NAT configuration simple.
Hope this helps, Loren Jordan
At 03:16 AM 02/07/2002 -0500, Jeff Bonner wrote:
I'm replacing my current ipchains-based firewall, which serves a small internal LAN of 3 machines, with one that runs iptables/netfilter.
Since I offer no services (yet), the goal is to make this IP address invisible to port scans and other grotesques from the internet, while interfering as little as possible with a variety of protocols that the internal machines need (ICQ/AIM/MSN/Yahoo, IRC, FTP, HTTP, POP3 etc).
So, I created a new Woody installation on a 486/66 DX2 with 24MB of RAM and 1GB of hard drive space, separated into various partitions to avoid overflowing logs and such. Then I applied the objectives outlined in Securing Debian [http://debian.org/doc/manuals/securing-debian-how-to/]. Next I compiled a custom kernel that has all the appropriate modules hard-coded, to avoid the additional security risk of loadable modules.
Now I'm ready to actually create the ruleset (or chains, whatever they are called) for the firewall. I understand the basic concepts behind iptables/netfilter, but frankly, there are so many variables that I've decided to start out with a pre-made firewall script, as I did with ipchains.
I would like some input as to which script(s) the reader considers the most secure vs ease of use. The one I'm leaning towards is Monmotha's [http://monmotha.mplug.org/firewall/firewall/2.3/rc.firewall-2.3.8-pre4]. It seems to satisfy my desire for all-out security paranoia, while still being simple to configure.
Another candidate was NARC [http://www.knowplace.org/netfilter/narc.html] but its complexity is discouraging. However, if it were to offer better security than Monmotha's script, I might be willing to take another look.
I also experimented with FWBuilder [http://www.fwbuilder.org] which is available directly as a .deb package. While it looks very capable, I'd essentially have to design the firewall from scratch. Since I might miss something, I've ruled this out.
Thanks in advance,
Jeff Bonner