Re: decent non-embedded firewall (my worthless 2 cents)

2009-04-02 Thread Stephen
"Though I suppose since my TV died I don't need a box hooked to my TV
until I replace it anyway ;)"

And this is a reason/excuse to use it for your firewall, then get a new
one with your TV...
---
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


RE: decent non-embedded firewall (my worthless 2 cents)

2009-03-31 Thread Paul Mooring
OpenSuse has a limited GUI in YaST for the SuSE firewall that is essentially
a frontend for iptables. It seemed fairly easy to use when I last played
with it, but I didn't care for the ruleset it generated; it seemed to be
way too much, and made it nearly impossible to edit the rules manually
through iptables.  Other than that, if you want to do the iptables rules
by hand I really strongly recommend Gentoo: it leaves out all the extra
packages like LFS, you can throw the hardened USE flag on relevant
packages, and '/etc/init.d/iptables save' seems easier/cleaner
than maintaining a custom script to me.


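As an added example (not code from the thread or from any of its posters), here is the kind of hand-written iptables ruleset the reply above favours, emitted in iptables-restore format for the two-tier layout the original poster describes: a border box that forwards only approved traffic to an inner firewall router. Interface names, the LAN subnet, the inner firewall address and the management port are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset for a
# two-interface border box: default DROP, stateful, LAN out, and only approved
# TCP ports forwarded to the inner firewall router. Interface names, the LAN
# subnet, the inner firewall address and the management port are assumptions.
# Usage: gen_border_rules WAN LAN LAN_NET INNER_FW "PORT ..." | iptables-restore
gen_border_rules() {
    wan="$1"; lan="$2"; lan_net="$3"; inner_fw="$4"; fwd_ports="$5"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -s $lan_net -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
EOF
    # Inbound from the WAN: only the approved ports, and only towards the
    # inner firewall router, which enforces per-host policy behind it.
    for p in $fwd_ports; do
        echo "-A FORWARD -i $wan -o $lan -d $inner_fw -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else is logged at a bounded rate (so a flood cannot fill the
    # disk) and then dropped; this is the "better logging" a consumer router lacks.
    cat <<EOF
-A INPUT -j LOGDROP
-A FORWARD -j LOGDROP
-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "border-drop: "
-A LOGDROP -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
EOF
    for p in $fwd_ports; do
        echo "-A PREROUTING -i $wan -p tcp --dport $p -j DNAT --to-destination $inner_fw"
    done
    echo "COMMIT"
}
```

Because the box itself accepts nothing new from the WAN interface, the only exposure added by the extra services the poster wants (snort, squid, a TV frontend) is whatever they open on the LAN side.
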
RE: decent non-embedded firewall (my worthless 2 cents)

2009-03-31 Thread Bryan O'Neal
It's a home box, right now I just flip the power switch on my router when I
sit down and maybe a few times while working (when being stormed).
If I have to convert the available box over to a dedicated system then I
may, but I also may just keep manually rebooting the Netgear.  It is an
intermittent, but annoying, problem.  Though I suppose since my TV died I
don't need a box hooked to my TV until I replace it anyway ;)

It's mostly a case of the cobbler's children having no shoes. I would never
have allowed a commingled device for my clients, but I don't mind having one for
myself.  That and routing should not take that much power, after all high
end embedded are designed to run on a PIII 500, my TV box way outstrips
this :)

As for exposing everything on the network I would only expose one box, the
one running the firewall.  Everything else would be sitting behind the
firewall that currently suffers the reboot-when-flooded problem.

Basically if I can not find a decent commingled product it is better to
suffer the five days a month I have storm issues than to argue home
esthetics with my wife. Although I was looking forward to being able to
run things like snort and squid on the border box as well as having
better logging than what my router currently does. However, again, it's not
worth arguing with a pregnant wife that I need to put up another pair of
minitowers, one box as a firewall/router and then another right next to it as
a proxy server/monitor and then the router I have now. And then to tell her
she can't surf on the main TV anymore would definitely not be worth it.

Please remember, this is my home not a business, each box is independently
firewalled, I encrypt all traffic on my private net, and all but one box
would sit behind the current firewall appliances.  Again, perhaps I am just
an idiot but I don't see how this is so bad?  I am guessing there are people
on this list running wireless networks with WAP and not encrypting traffic
between their boxes so having a border box not running a dedicated
distribution does not seem like heresy. Can one of the experts tell me
(please) in hard numbers how having a commingled border router that
forwards approved traffic to an internal firewall router that then handles
an internal net where all traffic is encrypted and each box has an internal
firewall is so much worse than the average set up on this list? Because
I am seriously missing something as I just don't see how this substantially
increases my risk beta.



Re: decent non-embedded firewall (my worthless 2 cents)

2009-03-31 Thread JD Austin
You hit the nail on the head :)
Old computers are cheap and firewall distributions are plentiful.
Why expose everything in your network to save almost nothing!
I like Smoothwall myself.
--
JD Austin
Twin Geckos Technology Services LLC
j...@twingeckos.com
480.288.8195x201
http://www.twingeckos.com


Fran Lebowitz  - "Life is something to do when you can't get to sleep."


Re: decent non-embedded firewall (my worthless 2 cents)

2009-03-31 Thread kitepi...@kitepilot.com
>> allowing me to keep the box hooked up for its "tv" centric features.
DON'T!!! 

A firewall, is a firewall and is a firewall.
In my perpetually delusional state of paranoia, I don't allow ANYTHING not 
indispensable on my firewall.
And even though, I look for ways to eradicate... 

My firewalls run in LFS with ONLY what is essentially needed for the job. 

I even tried once "Debian from Scratch" and could not digest the amount of 
junk they insisted on putting in. 

my mantra:
DO NOT USE YOUR FIREWALL FOR ANYTHING ELSE BUT THE FIREWALL.
YMMV
Enrique. 

PS: The fact that I am paranoid doesn't mean that they are not after me...