----- Original Message -----
From: Petty, Robert <[EMAIL PROTECTED]>
To: Petty, Robert <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, May 30, 2003 11:54 AM
Subject: Linux firewall/IDS/NAT suggestions

> Which kernel would be best? 2.0.x, 2.2.x, or 2.4.x?

I'd also go with 2.4 because it's the active kernel and I don't think iptables is supported on anything else. I'd definitely use iptables for the state processing it offers. Just be sure to use up-to-date drivers on all NICs.

> Should the NAT and Firewall rules be written and maintained on CD-R media so
> a malicious attacker cannot hide rule changes? Should the firewall be
> re-initialized on a schedule to ensure the live rules are those from the
> read-only media?

There's no reason why you can't put the whole system on CD-R and a write-protected floppy and boot the whole thing into a RAM disk. If it's ever compromised, change the vulnerable/cracked parts and reboot. The Sentry firewall project does this. See www.sentryfirewall.com for details. It's based on the Slackware distro last time I checked.

Another choice is IPCop: http://ipcop.org/cgi-bin/twiki/view/IPCop/WebHome
I've never played with it but saw it listed elsewhere on the list.

> Last, but not least, what's a good HowTo that can be used as a basis? I
> would prefer one that starts off a little more strict so I can simplify
> rather than have to bone up on all of the current vulnerabilities.

Sentry has a posted mini-howto. There are also several HOWTOs on filtering:

    Linux 2.4 Packet Filtering
    Linux netfilter Hacking
    Netfilter Extensions
    Linux 2.4 NAT

There's also an iptables tutorial by Oskar Andreasson.

> Thanks for any replies!

No problem!

David
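The second question in the thread (keeping the rules on read-only media and periodically making sure the live rules are the ones from that media) can be implemented as a scheduled drift check. The script below is an added example, not David's or the Sentry project's code: it normalizes `iptables-save` output so that volatile parts (timestamp comments, packet and byte counters) do not cause false alarms, compares the live ruleset against a baseline file on the CD-R mount, and restores the baseline with `iptables-restore` if they differ. The mount path `/mnt/cdrom/firewall/rules.v4` is an assumption, and the sample dumps at the bottom are constructed for the self-test, not real captures.

```shell
#!/bin/sh
# Added example: verify the live iptables ruleset against a baseline kept on
# read-only media and reload it on drift. Intended to run from cron as root.
# BASELINE path is an assumption; override it with the environment variable.
BASELINE="${BASELINE:-/mnt/cdrom/firewall/rules.v4}"

# normalize_rules: read an iptables-save dump on stdin and drop everything
# that legitimately changes between two dumps of the same policy:
#   - '#' comment lines (they carry the generation timestamp)
#   - leading "[pkts:bytes]" rule counters (present with iptables-save -c)
#   - trailing "[pkts:bytes]" counters on chain policy lines (":INPUT DROP [n:n]")
#   - trailing whitespace
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/^\[[0-9]*:[0-9]*\] *//' \
        -e 's/ \[[0-9]*:[0-9]*\]$//' \
        -e 's/[[:space:]]*$//'
}

# rules_match BASELINE_TEXT LIVE_TEXT: exit 0 if both dumps describe the
# same policy after normalization, 1 otherwise.
rules_match() {
    base_norm=$(printf '%s\n' "$1" | normalize_rules)
    live_norm=$(printf '%s\n' "$2" | normalize_rules)
    [ "$base_norm" = "$live_norm" ]
}

# check_and_reload: compare the running ruleset with the baseline on the
# read-only media; on any difference, log it and restore the baseline.
check_and_reload() {
    [ -r "$BASELINE" ] || { echo "baseline $BASELINE not readable" >&2; return 2; }
    live=$(iptables-save)
    base=$(cat "$BASELINE")
    if rules_match "$base" "$live"; then
        echo "firewall rules match read-only baseline"
        return 0
    fi
    echo "rule drift detected; restoring baseline from $BASELINE" >&2
    iptables-restore < "$BASELINE"
    return 1
}

# Constructed sample dumps (not real captures) for exercising rules_match.
# Baseline as written to the CD-R: stateful filter with default DROP policies.
SAMPLE_BASELINE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT'

# Same policy as the kernel reports it: timestamp comments and live counters.
SAMPLE_LIVE_SAME='# Generated by iptables-save v1.2.7 on Fri May 30 12:00:00 2003
*filter
:INPUT DROP [812:65432]
:FORWARD DROP [3:180]
:OUTPUT ACCEPT [9001:1234567]
[100:8000] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[42:3360] -A INPUT -i lo -j ACCEPT
COMMIT
# Completed on Fri May 30 12:00:00 2003'

# Drifted ruleset: an extra ACCEPT rule has been appended to INPUT.
SAMPLE_LIVE_DRIFT='*filter
:INPUT DROP [812:65432]
:FORWARD DROP [3:180]
:OUTPUT ACCEPT [9001:1234567]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 31337 -j ACCEPT
COMMIT'

# Run the real check only when asked, so the file can also be sourced for testing.
if [ "${1:-}" = "--check" ]; then
    check_and_reload
fi
```

Run it from cron as `sh fwcheck.sh --check`; a non-zero exit means the rules had drifted and were reloaded, which is worth alerting on since the policy on the media is supposed to be the only one that ever runs. Normalizing away counters is what makes the comparison usable: without it every run would report drift, because the counters change with every packet.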
