Re: [Cooker-firewall] Shorewall setup
At 15:18, Thursday 22 August 2002, you wrote:
> > Concerning the default config of shorewall, I suggest that the default
> > rule for wan->all is set to DROP rather than REJECT. I think it's better
> > in terms of security (ref. Linux firewalls by R.L. Ziegler).
>
> I know that ... this could be done indeed ... The standard configuration
> is not the most secure one ... but one has the possibility to restrict
> even more the firewall policies, rules.

I think the default configuration for a FW should be the most secure!! We are not talking about a distro for desktop, it must be secure by default!

--
http://SuperAlberT.it
http://www.totocom.net
IRC: #php,#AES irc.azzurra.com
ICQ UIN: 158591185

Re: [Cooker-firewall] Shorewall setup
[EMAIL PROTECTED] writes:
> Hello,
>
> Concerning the default config of shorewall, I suggest that the default
> rule for wan->all is set to DROP rather than REJECT. I think it's better
> in terms of security (ref. Linux firewalls by R.L. Ziegler).

I know that ... this could be done indeed ... The standard configuration is not the most secure one ... but one has the possibility to restrict even more the firewall policies, rules.

> In the same spirit, for boxes connected by ADSL or dial-up (and perhaps ISDN but I
> don't know), I suggest that the interface defined for wan is set up to ppp+. By
> experience, I've started by using eth1 (where is connected by ADSL modem) and spent
> some time to find why my connection was not working.

It's in the online docs though ... but this could also be feasible.

Thx for your thoughts, have a nice day,
--
Florin
http://www.mandrakesoft.com
http://people.mandrakesoft.com/~florin/