Erik Wessman wrote:
>
> Mircea:
>
> Ziegler's linux-firewall-tools ruleset is excellent - locked down a lot tighter than
>PMFirewall's.
I used it for more than a year now.I've done quite a few "cool" things
with those
rules.:-)
> A Question: Did you find that Ziegler's dhcp code did not work on a debian based
>installation?
Well,I found that at the time I made my ruleset it didnt detect the IP
from a dhcp server,(fixed that) and it was looking for the dhcp server
using the broadcast adress of the subnet while my ISP is using one of
the DNS's for dhcp,quick fix.
If you have problems I can send you what I changed in the
ruleset,altough
TrinityOS is the best document I've read out there that speaks firewall
in
human_readable form.:-)
> (I am getting around to putting his ruleset back in my firewall/router. I had used
>it for a year or so on Mandrake 6.1, but my old hard disk died a couple of
> weeks ago, and I replaced that with a newer old disk and Corel (Storm wouldn't
>install on that ancient hardware for some reason). I put PMFirewall in as
> a quick, get-started thing - and I was just about to reinstate Ziegler's ruleset
>approach which I like a lot better.)
>
I like it as well,it works.especially combined with
portsentry-stealth,killed portmapper and some paranoid options in
/etc/hosts.deny :-)
My firewall is a base Debian install with the extra packages installed
one by one,no dev packages,exim only for localhost,not even make..a.s.o.
Altough I don't especially care for Corel,I do have a base Corel install
running
as a dhcp server for more than a year now for the same reason.storm
wouldn't boot
on that box and I didn't havea net connection or a Debian CD on the day
I had to bring it up online.It's been reboted only for power
failures.Since it's working
I was too lazy to change it but I wouldn't trust anything but straight
Debian
for a free firewall .
_______________________________________________
Stormlinux-users-list mailing list
[EMAIL PROTECTED]
http://www.stormix.com/community/lists/listinfo/stormlinux-users-list
