[CLUE-Tech] a more sophisticated firewall?
adam
adam_bultman at gmx.net
Sun Dec 23 09:37:03 MST 2001
I've found that OpenBSD, while not Linux, is the best consarn
router/firewall there is. NAT takes a few minutes to set up, a few more if
you want specific rules for port forwarding. Firewalling is a snap, too--
and you can deny ranges of IPs, specific ports, packet types, etc. It has a
tiny little footprint, too, so putting it on a 1 GB drive is well more than
enough. I've found that the simplicity and power of OpenBSD makes it a far
better choice than Linux. I have friends who tout the superiority of
Linux's iptables firewalls-- but their lists of rules are enormous. My
OpenBSD firewall has what-- 17 lines in it? It blocks the standard RFC 1918
(I think) IP addresses, blocks incoming NetBIOS, logs S/SA packets, and
passes in to internal IPs sendmail, www, and ssh. Works like a total gem.
I love it. You can download a pre-configured firewall (hardly necessary,
there is very little "open" by default) and drop it in. 15 minutes of
staring at it and you will understand how it works. I have friends who
swear by it, I swear by it, too. Plus, you get your hands dirty with
another distro that you may come to love.
Mine runs on a PPro 200MHz. 64 MB ram. 1 GB hard drive. Lots of extra
space. woo!
----- Original Message -----
From: "Dave Price" <davep at kinaole.org>
To: <clue-tech at clue.denver.co.us>
Sent: Saturday, December 22, 2001 7:11 PM
Subject: [CLUE-Tech] a more sophisticated firewall?
> team,
>
> I have looked thru the docs, and a couple of features I would like for
> my firewall still elude me.
>
> 1> denying any connections from specific IP addresses / ranges. Just
> drop the connection and log the attempt - mostly for my ninja-ridden
> qwest neighbors who keep trying to connect.
>
> 2> passing specific ports to 'private' addresses inside the firewall. I
> have NAT working, but I would like to start passing SMTP and WWW ports
> to boxes behind the NAT.
>
> Any pointers or URLs would be appreciated.
>
> aloha (and TIA),
> dave
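
A short ruleset covering the behaviours this thread describes (deny and log listed source ranges, drop RFC 1918 sources and inbound NetBIOS, log new TCP connections, NAT, and forward SMTP, WWW and ssh to internal hosts), written as an added example in current OpenBSD pf.conf syntax; it is not the poster's ruleset. The interface names, internal addresses and the denied range are constructed placeholders.

```pf
# /etc/pf.conf -- added example, all names and addresses are assumptions
ext_if   = "em0"              # assumed external interface
int_if   = "em1"              # assumed internal interface
int_net  = "192.168.1.0/24"   # assumed private LAN behind NAT
mail_srv = "192.168.1.10"     # assumed internal SMTP host
web_srv  = "192.168.1.20"     # assumed internal web host
ssh_srv  = "192.168.1.30"     # assumed internal ssh host

# Private ranges that should never arrive as a source on the outside.
table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
# Specific sources to refuse; 203.0.113.0/24 is a documentation range
# standing in for the real addresses.
table <denied> persist { 203.0.113.0/24 }

set block-policy drop         # drop silently instead of sending RST/ICMP
set skip on lo

# NAT outbound traffic from the LAN to the external address.
match out on $ext_if inet from $int_net to any nat-to ($ext_if)

# Default deny, with logging to pflog0.
block log all

# Item 1 of the question: drop and log listed sources.
block in log quick on $ext_if from <denied> to any
# Spoofed private sources and inbound NetBIOS.
block in quick on $ext_if from <rfc1918> to any
block in quick on $ext_if proto { tcp udp } from any to any port { 137 138 139 }

# Item 2 of the question: forward selected ports to hosts behind NAT.
# "log" on a stateful pass rule records the initial SYN (flags S/SA).
pass in log on $ext_if inet proto tcp from any to ($ext_if) port 25 \
    flags S/SA rdr-to $mail_srv
pass in log on $ext_if inet proto tcp from any to ($ext_if) port 80 \
    flags S/SA rdr-to $web_srv
pass in log on $ext_if inet proto tcp from any to ($ext_if) port 22 \
    flags S/SA rdr-to $ssh_srv

# Let the LAN out.
pass in on $int_if from $int_net to any
pass out on $ext_if
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the rules go live.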