[CLUE-Tech] I need a Linux Firewall
Adam Bultman
adamb at glaven.org
Thu Jul 3 11:19:23 MDT 2003
> > I'm setting up a few servers in a new co-location. Can anyone recommend
> > a good Linux firewall solution? We are trying to cut costs, so I
> > thought I would see what is out there before I go buy something horribly
> > expensive.
>
Since I can't afford to have all my machines behind a single firewall (for
redundancy reasons: why have redundant web servers, etc. if your firewall
goes down, and you can't get to them anyway?) I use portsentry on my
Linux boxes. It's a bit more overhead, but as long as you lock down your
machine (turn off unnecessary services) portsentry is good enough. In
stealth mode, it will block people who attempt to access non-open ports
with iptables.

You can potentially block 'good' people that do 'naughty' things, but I've
been running it for over 8 months and I've had exactly two complaints.
It's a bit more overhead, but if you script the iptables purging, it's
easy.

Adam
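
A sketch of the scripted purge mentioned in the message above, added here as an example and not taken from the original post. It assumes portsentry's history file uses the line format shown in the comments and that blocks were inserted with `iptables -I INPUT -s <ip> -j DROP`; the function names and sample data are hypothetical.

```shell
#!/bin/sh
# Assumed history line format (not shown in the post):
#   <epoch> - <date> <time> Host: <name>/<ip> Port: <n> TCP Blocked
# Assumed block rule: iptables -I INPUT -s <ip> -j DROP

# Constructed sample history, not real data: a stale block, a host that was
# re-blocked recently, and two lines with hostile or malformed host fields.
sample_history() {
    cat <<'EOF'
1050000000 - 04/10/2003 12:40:00 Host: scan.example.net/192.0.2.10 Port: 111 TCP Blocked
1050000100 - 04/10/2003 12:41:40 Host: 198.51.100.7/198.51.100.7 Port: 23 TCP Blocked
1057000000 - 06/30/2003 13:06:40 Host: 198.51.100.7/198.51.100.7 Port: 23 TCP Blocked
1050000200 - 04/10/2003 12:43:20 Host: x;reboot/203.0.113.999 Port: 1 TCP Blocked
1050000300 - 04/10/2003 12:45:00 Host: y/203.0.113.5;id Port: 1 TCP Blocked
EOF
}

# expired_unblock_cmds HISTORY_FILE NOW_EPOCH MAX_AGE_SECONDS
# Prints one "iptables -D" command per address whose most recent block is
# older than MAX_AGE_SECONDS. Nothing is executed here.
expired_unblock_cmds() {
    awk -v now="$2" -v max="$3" '
        $1 !~ /^[0-9]+$/ { next }          # first field must be an epoch
        {
            ip = ""
            for (i = 2; i < NF; i++)
                if ($i == "Host:") { n = split($(i + 1), part, "/"); ip = part[n] }
            # The name before "/" comes from reverse DNS, which the remote
            # side controls: use only the address, and validate it strictly.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(ip, oct, ".")
            for (k = 1; k <= 4; k++) if (oct[k] + 0 > 255) next
            if (!(ip in last) || $1 + 0 > last[ip]) last[ip] = $1 + 0
        }
        END {
            for (ip in last)
                if (now - last[ip] > max)
                    print "iptables -D INPUT -s " ip " -j DROP"
        }
    ' "$1" | sort
}
```

The function only prints the deletions, so the list can be reviewed before it is run as root, for example from cron.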