Erick Arturo Perez Huemer wrote:
>
> I am about to install a RedHat 8.0 box with iptables to act as our
> firewall for our internal network that consists of 20 machines.
>
> Besides doing a -j drop on our external interface when it receives a packet
> with source equal to our internal network, what other measures do we have
> to take?
>
> We do host an SMTP server but nothing else. I have read about blocking
> 10.x.x.x addresses but also read that "some" routers/sites use those
> addresses. Any anti-DoS rules? More settings?
>
> Or maybe a link to a site that offers suggestions for proper firewall
> configurations....
>
> Thanks in advance,
>
> Erick.

Why not take a look at Tom Eastep's Shorewall:

http://www.shorewall.net/

Excellent documentation available, along with the author's reliable
support on the mailing lists which cover anything having to do with
configuring an iptables/firewall box like yours.

Best regards,

--
Patrick Benson
Stockholm, Sweden