[CLUE-Tech] Linux Firewalling
Timothy C. Klein
teece at silverklein.net
Sat Feb 10 21:28:44 MST 2001
I could email you a copy of my firewall script. It seems to work well.
I too run a DSL, with http, smtp, and DNS. Oh yeah, and NFS (although I
might be ditching that soon). My ipchains script is pretty well tested
(kernel 2.2), but my iptables script is not. I haven't pored over it
yet, as I am not yet running 2.4.
Let me know if I should email it to you.
TIM
On Sat, Feb 10, 2001 at 03:52:59PM -0700, Jeremiah Stanley wrote:
> I know there has been quite a bit of discussion on this list about this
> but I am wanting to add another layer of security to my network. Currently
> I am using xinetd to protect my dangling services and SSL/SSH to encrypt
> all other network traffic (over DSL).
>
> The box that needs to be firewalled/have packets filtered runs Apache
> (port 80 and 443), imap and pop3, nfs (which I would like to restrict to
> my subnet), ssh, mysql, dns, sendmail and a game called dopewars (runs on
> port 7902). All other ports I would like to have reject traffic. I have
> one IP and one NIC.
>
> Does anybody have any examples of a similar configuration that I can take
> a look at? I've read the howto's on firewalling and ipchains, and while
> they are good references they talk mostly about masquerading and that
> isn't something that I'm doing with this box.
>
> Also once I have this set up, what tools are good to test with? I know of
> nmap as a port scanner and not much else in this area.
>
> Thanks,
> Jeremiah Stanley
> --
> A witty saying proves nothing.
> -- Voltaire
>
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
>
--
===================================================================
== Timothy Klein || And what rough beast ==
== teece at hypermall.net || Its hour come round at last ==
== Aufwiedersehen! || Slouches towards Bethlehem to be born? ==
== Aufwiedersehen! || The beast of Redmond, nothing more. ==
===================================================================
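
A ruleset matching the host described in the quoted question (single NIC, the listed services open, NFS limited to the local subnet, everything else rejected), written here as an added example; it is not the script offered in this message. The subnet 192.168.1.0/24, the `emit_rules` function name and the standard port numbers chosen for each service are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset (kernel 2.4+ netfilter)
# for the single-NIC server described in the question.

# Assumption: placeholder LAN subnet, replace with the real one.
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Services named in the question, on their standard TCP ports:
# ssh, smtp, dns, http, pop3, imap, https, mysql, dopewars.
PUBLIC_TCP="22 25 53 80 110 143 443 3306 7902"

emit_rules() {
    lan="$1"
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback and replies to connections this host opened.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $PUBLIC_TCP; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # DNS queries mostly arrive over UDP.
    echo "-A INPUT -p udp --dport 53 -j ACCEPT"
    # NFS from the local subnet only: portmapper (111) and nfsd (2049).
    # mountd and statd get portmapper-assigned ports by default; pin them
    # to fixed ports and add those here in the same way.
    for proto in tcp udp; do
        for p in 111 2049; do
            echo "-A INPUT -s $lan -p $proto --dport $p -j ACCEPT"
        done
    done
    # A chain policy cannot be REJECT, so reject explicitly before the
    # DROP policy is reached.
    echo "-A INPUT -p tcp -j REJECT --reject-with tcp-reset"
    echo "-A INPUT -j REJECT --reject-with icmp-port-unreachable"
    echo "COMMIT"
}

# Print the ruleset; as root it can be piped into iptables-restore.
emit_rules "$LAN_NET"
```

Rule order matters: the subnet-restricted NFS rules and the service rules must precede the two REJECT lines, otherwise everything is refused.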