Re: Searching for an appropriate iptables script

2002-02-07 Thread Gareth Bowker
On Thu, Feb 07, 2002 at 03:16:41AM -0500, Jeff Bonner wrote: > I would like some input as to which script(s) the reader considers the > most secure vs ease of use. The one I'm leaning towards is Monmotha's > [http://monmotha.mplug.org/firewall/firewall/2.3/rc.firewall-2.3.8-pre4] > . > It seems t

Re: Searching for an appropriate iptables script

2002-02-07 Thread Loren Jordan
Jeff, I have found an incredibly simple system, that some day should be put into a Debian package. It's called "agt" and can be found at http://sourceforge.net/projects/agt/ It installs the configuration files in /boot/fw and they are very well commented as to the format required. Read them, the

Re: Searching for an appropriate iptables script

2002-02-07 Thread Niall Walsh
Jeff, may I recommend http://sourceforge.net/tracker/index.php?func=detail&aid=482935&group_id=13391&atid=113391 It explains why agt is no longer in Debian. Niall Loren Jordan wrote: Jeff, I have found an incredibly simple system, that some day should be put into a Debian package. It's called "ag

Re: Searching for an appropriate iptables script

2002-02-07 Thread Loren Jordan
This is a real bummer, I guess I will look at another of the simple packages. I'm running agt on quite a few machines I have built for friends on cable modems/dsl and at my last job... Loren BTW: I did find that seg-fault error and after that, simply made sure I had an extra blank line in all

Re: Searching for an appropriate iptables script

2002-02-07 Thread Mike Noyes
At 2002-02-07 13:42 -0500, Loren Jordan wrote: This is a real bummer, I guess I will look at another of the simple packages. I'm running agt on quite a few machines I have built for friends on cable modems/dsl and at my last job... Loren, You might want to take a look at Shorewall. http://www.s

Re: Searching for an appropriate iptables script

2002-02-07 Thread Friedemann Schorer
Hi Loren :-) On Thursday, 7 February 2002 19:42, Loren Jordan said: > I guess I will look at another of the simple > packages Maybe NARC is what you're looking for - it's slightly paranoid, but well documented -> http://www.knowplace.org/netfilter/narc.html

Re: Searching for an appropriate iptables script

2002-02-08 Thread martin f krafft
thus spoke Jeff Bonner <[EMAIL PROTECTED]> [2002.02.07.0916 +0100]: > Since I offer no services (yet), the goal is to make this IP address > invisible to port scans and other grotesques from the internet, while > interfering as little as possible with a variety of protocols that the > internal mac

Re: Searching for an appropriate iptables script

2002-02-08 Thread martin f krafft
thus spoke Gareth Bowker <[EMAIL PROTECTED]> [2002.02.07.1017 +0100]: > If you're worried about missing stuff out, you could start with a firewall > that defaults everything to DROP and go from there... good point. any-any-any-DROP is what i call the base firewall. there is *no* argument for a fi

RE: Searching for an appropriate iptables script

2002-02-08 Thread Jeff Bonner
On 8 Feb 2002 01:51 PM, martin f krafft wrote: >> I also experimented with FWBuilder [http://www.fwbuilder.org] >> which is available directly as a .deb package. While it looks >> very capable, I'd essentially have to design the firewall from >> scratch. Since I might miss something, I've ruled

RE: Searching for an appropriate iptables script

2002-02-08 Thread Jeff Bonner
On 7 Feb 2002 04:17 AM, Gareth Bowker wrote: > You might also want to look at the 'ferm' package. [...] To save bandwidth, I'll just thank everyone via this one message who responded with suggestions on the list. I'm taking a look at all of these options (including writing it myself) and they h

Re: Searching for an appropriate iptables script

2002-02-09 Thread Carel Fellinger
On Fri, Feb 08, 2002 at 10:45:15PM -0500, Jeff Bonner wrote: ... > Last but not least, it's difficult to gauge my success (or failure) > because I can't use a machine *outside* the firewall to run nmap against > this setup. Yes, I do have another system with Linux, but it's not > located right nex

Re: Searching for an appropriate iptables script

2002-02-09 Thread Florian Friesdorf
On Fri, Feb 08, 2002 at 07:51:43PM +0100, martin f krafft wrote: > thus spoke Gareth Bowker <[EMAIL PROTECTED]> [2002.02.07.1017 +0100]: > > If you're worried about missing stuff out, you could start with a firewall > > that defaults everything to DROP and go from there... > > good point. any-any

Re: Searching for an appropriate iptables script

2002-02-10 Thread martin f krafft
thus spoke Jeff Bonner <[EMAIL PROTECTED]> [2002.02.09.0445 +0100]: > Well, ideally I would understand everything about my firewall, yes. And > writing the script would certainly result in my knowing exactly what it > does. That having been said, I don't want to have the network in a > state of