Re: help with firewall
On Wed, Jul 02, 2003 at 11:38:57PM +0200, [EMAIL PROTECTED] wrote:
> Hi,
> Can anyone help me with this firewall. I would like to change
> INTNET="192.168.0.0/24" to more exact IPs like 192.168.0.1, 192.168.0.22 and
> so on.

You will either have to rewrite every rule matching 192.168.0.0/24 to match
every single host - so 10 hosts make ten rules - or you switch to a smaller
subnet, e.g. 192.168.0.0/27, going from IP 192.168.0.1 to 192.168.0.30 with a
broadcast of .31.

The latter only leaves fewer free IPs in your subnet, but will help to reduce
work.

Regards,
Horst
--
Have you noticed the way people's intelligence capabilities decline
sharply the minute they start waving guns around?
                -- Dr. Who

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
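The two options from the reply above, worked through as an added example that is not part of the thread: it computes the /27 host range, expands one rule per host, and goes one step further with a gate chain so the script's existing `-s $INTNET` FORWARD rules stay untouched. The chain name `INT_HOSTS`, the `@SRC@` placeholder and the function names are assumptions made for this sketch; the script only prints commands and applies nothing.

```shell
#!/bin/sh
# Added example: prints iptables commands as text; nothing is applied to the kernel.
# INT_HOSTS (chain name) and @SRC@ (template slot) are hypothetical names.

# Dotted quad -> integer; fails on anything that is not a plain IPv4 address.
ip_to_int() {
    case $1 in ""|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ""|0?*) return 1 ;; esac   # reject empty or zero-padded octets
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "first-host last-host broadcast" for a CIDR block.
cidr_range() {
    net=$(ip_to_int "${1%/*}") || return 1
    bits=${1#*/}
    size=$(( 1 << (32 - bits) ))
    base=$(( net & ~(size - 1) ))
    echo "$(int_to_ip $((base + 1))) $(int_to_ip $((base + size - 2))) $(int_to_ip $((base + size - 1)))"
}

# Exit status 0 if HOST ($1) lies inside CIDR ($2).
in_cidr() {
    h=$(ip_to_int "$1") || return 1
    n=$(ip_to_int "${2%/*}") || return 1
    bits=${2#*/}
    mask=$(( ~((1 << (32 - bits)) - 1) ))
    [ $(( h & mask )) -eq $(( n & mask )) ]
}

# Option 1 from the reply: repeat one rule per host. @SRC@ marks the source slot.
expand_rule() {
    tmpl=$1; shift
    for host in "$@"; do
        printf '%s\n' "$tmpl" | sed "s|@SRC@|$host|"
    done
}

# Gate chain: listed hosts RETURN to FORWARD, where the existing "-s $INTNET"
# rules still apply unchanged; every other source on the interface is dropped.
gate_chain_rules() {
    dev=$1; netw=$2; shift 2
    echo "iptables -N INT_HOSTS"
    for host in "$@"; do
        if in_cidr "$host" "$netw"; then
            echo "iptables -A INT_HOSTS -s $host -j RETURN"
        else
            echo "# skipped $host: not a valid address inside $netw"
        fi
    done
    echo "iptables -A INT_HOSTS -j DROP"
    # Append this before the FORWARD ACCEPT rules so it is evaluated first.
    echo "iptables -A FORWARD -i $dev -j INT_HOSTS"
}

# Demo with the addresses named in the thread.
cidr_range 192.168.0.0/27
gate_chain_rules eth0 192.168.0.0/24 192.168.0.1 192.168.0.22
```

With ten hosts, per-host expansion of the six visible `-s $INTNET` rules gives sixty rules, while the gate chain needs ten RETURN rules plus three fixed ones; it filters forwarded traffic only, not INPUT to the firewall itself.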
help with firewall
Hi,
Can anyone help me with this firewall. I would like to change
INTNET="192.168.0.0/24" to more exact IPs like 192.168.0.1, 192.168.0.22 and
so on.
Thanks for any help.
Charls

IPTABLES="/sbin/iptables"

EXTDEV="ppp0"
EXTIP=`ifconfig $EXTDEV | grep "inet addr:" | \
    awk -F: '{print $2}' | cut -d' ' -f 1`
if [ -z "${EXTIP}" ]; then
    exit 1
fi
#EXTIP="x.x.x.x"

INTDEV="eth0"
INTIP=`ifconfig $INTDEV | grep "inet addr:" | \
    awk -F: '{print $2}' | cut -d' ' -f 1`
if [ -z "${INTIP}" ]; then
    exit 1
fi
#INTIP="y.y.y.y"

INTNET="192.168.0.0/24"

echo "EXTDEV: ${EXTDEV} z ${EXTIP}"
echo "INTDEV: ${INTDEV} z ${INTIP}"

case "$1" in
  start)
    echo -n "Starting firewall: "
    #modprobe ip_tables
    #modprobe ip_conntrack
    #modprobe ip_conntrack_ftp
    #modprobe ip_masq_ftp
    #modprobe ip_masq_irc
    #modprobe ip_masq_raudio

    $IPTABLES -t nat -A POSTROUTING -o $EXTDEV -j SNAT --to-source=$EXTIP

    $IPTABLES -F
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -P FORWARD DROP

    #--==[ kernel ]==--
    # echo 1 > /proc/sys/net/ipv4/ip_forward
    /bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
    /bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    /bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
    /bin/echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
    /bin/echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    /bin/echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter

    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT

    #$IPTABLES -I FORWARD -p tcp -d $DSTIP --dport $SRCPRT -j ACCEPT
    #$IPTABLES -I FORWARD -p udp -d $DSTIP --dport $SRCPRT -j ACCEPT
    #$IPTABLES -t nat -A PREROUTING -p tcp -i $LOCALIF -s $ALLOWFROM -d $SRCIP --dport $SRCPRT -j DNAT --to $DSTIP
    #$IPTABLES -t nat -A PREROUTING -p udp -i $LOCALIF -s $ALLOWFROM -d $SRCIP --dport $SRCPRT -j DNAT --to $DSTIP

    #---==[ INPUT ]==---
    $IPTABLES -A INPUT -i $EXTDEV -p icmp -m state --state ESTABLISHED -j ACCEPT
    $IPTABLES -A INPUT -i $EXTDEV -p icmp -m state --state RELATED -j ACCEPT

    # Allow connection establishment
    $IPTABLES -A OUTPUT -o $EXTDEV -p icmp -m state --state NEW -j ACCEPT
    $IPTABLES -A OUTPUT -o $EXTDEV -p icmp -m state --state ESTABLISHED -j ACCEPT
    $IPTABLES -A OUTPUT -o $EXTDEV -p icmp -m state --state RELATED -j ACCEPT

    $IPTABLES -A INPUT -i $INTDEV -p udp -d 192.168.1.255 --dport 137:138 -j DROP

    #** SSH **
    $IPTABLES -A INPUT -p tcp --sport 1024: --dport 22 -m state --state NEW -j ACCEPT

    #** FTP **
    $IPTABLES -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p udp --dport 21 -m state --state NEW -j ACCEPT

    #** DHCPD **
    $IPTABLES -A INPUT -p tcp --dport 67 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p udp --dport 67 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 68 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p udp --dport 68 -m state --state NEW -j ACCEPT

    #** HTTP **
    $IPTABLES -A INPUT -p tcp --sport 1024: --dport 80 -m state --state NEW -j ACCEPT

    #** RPC **
    $IPTABLES -A INPUT -i $INTDEV -p tcp --dport 111 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -i $INTDEV -p udp --dport 111 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -i $INTDEV -p udp --dport 2049 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -i $INTDEV -p udp --dport 1026 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -i $INTDEV -p tcp --dport 1026 -m state --state NEW -j ACCEPT

    #** DNS **
    $IPTABLES -A INPUT -i $INTDEV -p udp --sport 1024: --dport 53 -m state --state NEW -j ACCEPT
    # Server-to-server transactions
    $IPTABLES -A INPUT -i $INTDEV -p udp --sport 53 --dport 53 -m state --state NEW -j ACCEPT

    $IPTABLES -A INPUT -p tcp --sport 1024: --dport 113 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable

    $IPTABLES -A INPUT -m state --state ESTABLISHED -j ACCEPT
    $IPTABLES -A INPUT -m state --state RELATED -j ACCEPT
    #$IPTABLES -A INPUT -j LOG --log-prefix "IPT INPUT: "
    $IPTABLES -A INPUT -j DROP

    #---==[ OUTPUT ]==---
    $IPTABLES -A OUTPUT -m state --state ! INVALID -j ACCEPT
    #$IPTABLES -A OUTPUT -j LOG --log-prefix "IPT OUTPUT: "
    $IPTABLES -A OUTPUT -j DROP

    #---==[ FORWARD ]==---
    $IPTABLES -A FORWARD -i $INTDEV -p tcp -s $INTNET --sport 1024: -m state --state NEW -j ACCEPT
    $IPTABLES -A FORWARD -i $INTDEV -p tcp -s $INTNET --sport 1024: -m state --state ESTABLISHED -j ACCEPT
    $IPTABLES -A FORWARD -i $INTDEV -p tcp -s $INTNET --sport 1024: -m state --state RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i $INTDEV -p udp -s $INTNET --sport 1024: -m state --state NEW -j ACCEPT
    $IPTABLES -A FORWARD -i $INTDEV -p udp -s $INTNET --sport 1024: -m state --state ESTABLISHED -j ACCEPT
    $IPTABLES -A FORWARD -i $INTDEV -p udp -s $INTNET --sport 1024: -m state --state RELATED -j ACCEPT
    $IPTABLES -A FORWARD -o $INTDEV -p tcp -d $INTNET --dport 1024: -m state --state ESTABLISHED -j ACCEPT
    $IPTABLES -A FORWARD -o $INTDEV -p tcp -d $INTNET --dport 1024:
Re: Help with Firewall section in the Debian Security Manual
On Friday, 18. January 2002 05:29, Jor-el wrote:
> On Wed, 16 Jan 2002, Javier Fernández-Sanguino Peña wrote:
> > Both should point to other sites regarding general info (what a firewall
> > is? what does netfilter do?) and not reproduce it (terrible waste of time
> > and difficult to maintain up to date).
>
> Is it really wise to talk about netfilter in a "Debian Security
> HOWTO"? After all, the stable distribution of Debian (which is what
> newbies will and should use), uses the 2.2 kernel which doesn't support
> netfilter.

Do you think newbies would start with building their own firewall scripts? I
don't. Having built an ipchains script, and having upgraded to iptables
lately, I would say that iptables required a much more sane script.

I would like to have a bit more talk about firewall concepts and security
background information than a packet-filter script implementation in the
HOWTO. I think there are enough example scripts available on the net, and all
the information I needed to write my script was in "Building Internet
Firewalls, 2nd ed." from O'Reilly.

I would have volunteered to contribute to the HOWTO, but during the next
months my spare time is reduced to a minimum. I will return to the idea when
I'm having more time, and I look forward to reading Martin's work and adding
my thoughts to that.

Peter
Re: Help with Firewall section in the Debian Security Manual
Consider that the HOWTO is a "moving target": it might reference
packages/software currently available only on testing/unstable. In any case
it's ok to comment on netfilter since users can install a 2.4 kernel even if
running stable.

The Debian Security HOWTO is not directed towards normal users, it's more
oriented towards power-users and administrators.

Granted, it might give a false sense of how/what security is in stable
currently. Maybe I should add a disclaimer somewhere (although differences
between distributions are usually commented on there too).

Regards

Javi

On Thu, Jan 17, 2002 at 10:29:59PM -0600, Jor-el wrote:
> On Wed, 16 Jan 2002, Javier Fernández-Sanguino Peña wrote:
>
> > Both should point to other sites regarding general info (what a firewall
> > is? what does netfilter do?) and not reproduce it (terrible waste of time
> > and difficult to maintain up to date).
>
> Javier,
>
> Is it really wise to talk about netfilter in a "Debian Security
> HOWTO"? After all, the stable distribution of Debian (which is what
> newbies will and should use), uses the 2.2 kernel which doesn't support
> netfilter. Perhaps if you want to talk about iptables based firewalling,
> you are really targeting users running testing / unstable, and thus you
> are talking about a "Debian testing / unstable Security HOWTO".
>
> Regards,
> Jor-el
Re: Help with Firewall section in the Debian Security Manual
On Wed, 16 Jan 2002, Javier Fernández-Sanguino Peña wrote:

> Both should point to other sites regarding general info (what a firewall
> is? what does netfilter do?) and not reproduce it (terrible waste of time
> and difficult to maintain up to date).

Javier,

Is it really wise to talk about netfilter in a "Debian Security
HOWTO"? After all, the stable distribution of Debian (which is what
newbies will and should use), uses the 2.2 kernel which doesn't support
netfilter. Perhaps if you want to talk about iptables based firewalling,
you are really targeting users running testing / unstable, and thus you
are talking about a "Debian testing / unstable Security HOWTO".

Regards,
Jor-el
Re: Help with Firewall section in the Debian Security Manual
thus spoke Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> [2002.01.16.1905 +0100]:
> On Wed, Jan 16, 2002 at 04:19:31PM +0100, martin f krafft wrote:
> >
> > got ya. i'll think about it. deadlines?
>
> None really. However, less than a month would be nice :)

:(

i don't think i can make that. i'll see. up until the end of february,
i am really busy...

--
martin; (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]

"time flies like an arrow. fruit flies like a banana."
                -- groucho marx
Re: Help with Firewall section in the Debian Security Manual
On Wed, Jan 16, 2002 at 04:19:31PM +0100, martin f krafft wrote:
>
> got ya. i'll think about it. deadlines?

None really. However, less than a month would be nice :)

Javi
Re: Help with Firewall section in the Debian Security Manual
thus spoke Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> [2002.01.16.1522 +0100]:
> Can anyone volunteer?

i might...

> - a section host-oriented on how to set up firewall rules as a "last
> line of defense" (that's the one I have started writing) talking,
> basically, on Debian-specific issues (tools available, which ones to
> use?).

what tools are there but iptables/ipchains/ipfwadm? frontends? then
i am not the right person. i don't believe in frontends...

> - a *chapter* (server-oriented) on how to set up a firewall using
> Debian GNU/Linux. Regarding: firewall setup, administration, logging,
> detection of alarms... One very useful section would be setting up a
> proxy-level firewall (using software available in Debian).

mh. sounds better.

> Both should point to other sites regarding general info (what a
> firewall is? what does netfilter do?) and not reproduce it (terrible
> waste of time and difficult to maintain up to date).

got ya. i'll think about it. deadlines?

--
martin; (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]

if you know exactly what you are going to do, what is the point of doing it?
                -- pablo picasso
Help with Firewall section in the Debian Security Manual
I would appreciate it if somebody volunteered to write a "firewalling in
Debian GNU/Linux" section for the "Debian Security HOWTO". I have just
committed to the CVS server (should be readable on the web tomorrow) a small
section regarding it, but there's a lot of room for improvement.

Can anyone volunteer? I would like:

- a section host-oriented on how to set up firewall rules as a "last line of
  defense" (that's the one I have started writing) talking, basically, on
  Debian-specific issues (tools available, which ones to use?).

- a *chapter* (server-oriented) on how to set up a firewall using Debian
  GNU/Linux. Regarding: firewall setup, administration, logging, detection of
  alarms... One very useful section would be setting up a proxy-level firewall
  (using software available in Debian).

Both should point to other sites regarding general info (what a firewall is?
what does netfilter do?) and not reproduce it (terrible waste of time and
difficult to maintain up to date).

Anyone?

Javier Fernández-Sanguino Peña