Portsentry is not a firewall, it is a port scan detection utility. It will listen to all designated ports for behaviour that is supicious, and block the originating host from accessing your machine. It does this by adding the offending host to you hosts.deny file, which tcpwrappers reads before making connections to its services. Portsentry can also kill the route by adding the host to the routing table, which is the default, or if you add the line, it will instead add the host to the kernal firewall by adding it to the ipchains rules. Pmfirewall, an ipchains script, is a firewall utility that sets up your ipchains rules automatically through a script which is re-enacted during each startup (unless you tell it otherwise). It uses a very easy setup routine, through which you configure the basics of your firewall by answering questions about the services you may run on your machine. If you are tired of configuring ipchains by hand, you should give pmfirewall a try. In addition to that, you should also give portsentry a try... this will enhance the effectiveness of the firewall ipchains rules. And, if you're anal, use hostsentry and logcheck on top of those two to add better notification of suspicious use and attack attempts. --Greg > I was curious what firewall software (preferably free) is considered > powerful and somewhat easy to use. I wrote my own with ipchains and > ipmasqadm. Mandrake comes with gfcc, but I might as well write the thing by > hand. I've read about the port sentry firewall and that looks appealing, > but I would like some opinions / comments before deploying it. > > Andy > ______________________________________________________________________________ Vous avez un site perso ? 2 millions de francs à gagner sur i(france) ! Webmasters : ZE CONCOURS ! http://www.ifrance.com/_reloc/concours.emailif
