[CLUE-Tech] Linux Firewalling

Timothy C. Klein teece at silverklein.net
Sat Feb 10 21:28:44 MST 2001 

I could email you a copy of my firewall script.  It seems to work well.
I too run a DSL, with http, smtp, and DNS.  Oh yeah, and NFS (although I
might me ditching that soon.  My ipchains script is pretty well tested
(kernel 2.2), but my iptables script is not.  I haven't poored over it
yet, as I am not yet running 2.4.

Let me know if I should email it to you.

TIM

On Sat, Feb 10, 2001 at 03:52:59PM -0700, Jeremiah Stanley wrote:
> I know there has been quite a bit of discussion on this list about this
> but I am wanting to add another layer of security to my network. Currently
> I am using xinetd to protect my dangling services and SSL/SSH to encrypt
> all other network traffic (over DSL).
> 
> The box that needs to be firewalled/have packets filtered runs Apache
> (port 80 and 443), imap and pop3, nfs (which I would like to restrict to
> my subnet), ssh, mysql, dns, sendmail and a game called dopewars (runs on
> port 7902). All other ports I would like to have reject traffic. I have
> one IP and one NIC.
> 
> Does anybody have any examples of a similar configuration that I can take
> a look at? I've read the howto's on firewalling and ipchains, and while
> they are good references they talk mostly about masquerading and that
> isn't something that I'm doing with this box.
> 
> Also once I have this setup what tools are good to test with? I know of
> nmap as a port scanner and not much else in this area.
> 
> Thanks,
> Jeremiah Stanley
> -- 
> A witty saying proves nothing.
> 		-- Voltaire
> 
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
> 

-- 
===================================================================
== Timothy Klein       || And what rough beast                   ==
== teece at hypermall.net || Its hour come round at last            ==
== Aufwiedersehen!     || Slouches towards Bethlehem to be born? ==
== Aufwiedersehen!     || The beast of Redmond, nothing more.    ==
===================================================================

More information about the clue-tech mailing list