thus spoke Jeff Bonner <[EMAIL PROTECTED]> [2002.02.09.0445 +0100]:
> Well, ideally I would understand everything about my firewall, yes. And
> writing the script would certainly result in my knowing exactly what it
> does. That having been said, I don't want to have the network in a
> state of
On Fri, Feb 08, 2002 at 07:51:43PM +0100, martin f krafft wrote:
> thus spoke Gareth Bowker <[EMAIL PROTECTED]> [2002.02.07.1017 +0100]:
> > If you're worried about missing stuff out, you could start with a firewall
> > that defaults everything to DROP and go from there...
>
> good point. any-any
On Fri, Feb 08, 2002 at 10:45:15PM -0500, Jeff Bonner wrote:
...
> Last but not least, it's difficult to gauge my success (or failure)
> because I can't use a machine *outside* the firewall to run nmap against
> this setup. Yes, I do have another system with Linux, but it's not
> located right nex
On 7 Feb 2002 04:17 AM, Gareth Bowker wrote:
> You might also want to look at the 'ferm' package. [...]
To save bandwidth, I'll just thank everyone via this one message who
responded with suggestions on the list. I'm taking a look at all of
these options (including writing it myself) and they h
On 8 Feb 2002 01:51 PM, martin f krafft wrote:
>> I also experimented with FWBuilder [http://www.fwbuilder.org]
>> which is available directly as a .deb package. While it looks
>> very capable, I'd essentially have to design the firewall from
>> scratch. Since I might miss something, I've ruled
thus spoke Gareth Bowker <[EMAIL PROTECTED]> [2002.02.07.1017 +0100]:
> If you're worried about missing stuff out, you could start with a firewall
> that defaults everything to DROP and go from there...
good point. any-any-any-DROP is what i call the base firewall. there
is *no* argument for a fi
thus spoke Jeff Bonner <[EMAIL PROTECTED]> [2002.02.07.0916 +0100]:
> Since I offer no services (yet), the goal is to make this IP address
> invisible to port scans and other grotesques from the internet, while
> interfering as little as possible with a variety of protocols that the
> internal mac
Hi Loren :-)
On Thursday, 7 February 2002 at 19:42, Loren Jordan said:
> I guess I will look at another of the simple
> packages
Maybe NARC is what you're looking for - it's slightly paranoid, but well
documented -> http://www.knowplace.org/netfilter/narc.html
At 2002-02-07 13:42 -0500, Loren Jordan wrote:
This is a real bummer, I guess I will look at another of the simple
packages. I'm running agt on quite a few machines I have built for
friends on cable modems/dsl and at my last job...
Loren,
You might want to take a look at Shorewall.
http://www.s
This is a real bummer, I guess I will look at another of the simple
packages. I'm running agt on quite a few machines I have built for friends
on cable modems/dsl and at my last job...
Loren
BTW: I did find that seg-fault error and after that, simply made sure I had
an extra blank line in all
Jeff,
may I recommend
http://sourceforge.net/tracker/index.php?func=detail&aid=482935&group_id=13391&atid=113391
It explains why agt is no longer in Debian.
Niall
Loren Jordan wrote:
Jeff,
I have found an incredibly simple system, that some day should be put
into a debian package. it's called "ag
Jeff,
I have found an incredibly simple system, that some day should be put into
a debian package. it's called "agt" and can be found at
http://sourceforge.net/projects/agt/
It installs the configuration files in /boot/fw and they are very well
commented as to the format required. Read them, the
On Thu, Feb 07, 2002 at 03:16:41AM -0500, Jeff Bonner wrote:
> I would like some input as to which script(s) the reader considers the
> most secure vs ease of use. The one I'm leaning towards is Monmotha's
> [http://monmotha.mplug.org/firewall/firewall/2.3/rc.firewall-2.3.8-pre4]
> .
> It seems t
I'm replacing my current ipchains-based firewall, which serves a small
internal LAN of 3 machines, with one that runs iptables/netfilter.
Since I offer no services (yet), the goal is to make this IP address
invisible to port scans and other grotesques from the internet, while
interfering as little