[CLUE-Tech] I need a Linux Firewall

Jed S. Baer thag at frii.com
Thu Jul 3 12:06:26 MDT 2003


On Thu, 3 Jul 2003 10:38:10 +0100
"Rich Whitaker" <Rich.Whitaker at samsungcontact.com> wrote:

> Hello everyone,
> I'm setting up a few servers in a new co-location.  Can anyone recommend
> a good Linux firewall solution?  We are trying to cut costs, so I
> thought I would see what is out there before I go buy something horribly
> expensive.

Well, there's always Coyote Linux. It uses the 2.2 kernel, so you get
IPchains, not the newer IPtables. The main difference is that IPtables is
"stateful", and so is more flexible. I don't remember whether Zonker has a
presentation file available from his presentation at last month's CLUE
meeting on Coyote.

Actually, you can configure any Linux distro to be a firewall. The
pre-packaged ones have some canned admin tools bundled with them. I'd
guess the same tools, or similar, can be had as RPMs or APT packages, etc.
To make a box set up that way a little less vulnerable, you could also
mount /usr, /boot, and /etc read-only (once it's configured), and use
Bastille to harden the box. Yeah, I know, if someone roots the box,
remounting partitions isn't a big challenge, but every little bit helps.
Of course, you can build your own boot floppy, and make it write
protected.

I've only briefly looked here, but it seems like there's a lot of stuff:
  http://www.linuxsecurity.com/resources/firewalls-1.html

jed

-- 
I wouldn't even think about bribing a rottweiler with a steak that
didn't weigh more than I do. -- Jason Earl
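
A check for the read-only mount hardening suggested in the message above, as an added example that is not part of the original post. The function names (ro_status, ro_audit, sample_table) and the sample mount table are constructed for illustration; the input format is that of /proc/mounts.

```shell
#!/bin/sh
# Added example: verify that mount points are really mounted read-only.
# Table format (as in /proc/mounts): device mountpoint fstype options dump pass

# ro_status TABLE MOUNTPOINT -> prints "ro", "rw" or "unmounted"
ro_status() {
    awk -v mp="$2" '
        $2 == mp { opts = $4; seen = 1 }   # last entry wins (overmounts)
        END {
            if (!seen) { print "unmounted"; exit }
            # Compare whole comma-separated options, so that
            # "errors=remount-ro" is not mistaken for "ro".
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] == "ro") { print "ro"; exit }
            print "rw"
        }' "$1"
}

# ro_audit TABLE MOUNTPOINT... -> prints "mountpoint status" per argument;
# returns 1 if any of them is not mounted read-only.
ro_audit() {
    table=$1; shift
    rc=0
    for mp in "$@"; do
        st=$(ro_status "$table" "$mp")
        echo "$mp $st"
        [ "$st" = ro ] || rc=1
    done
    return $rc
}

# Constructed sample table (not from a real host): /usr is read-only,
# /boot is rw despite errors=remount-ro, /etc is not a separate mount.
sample_table() {
cat <<'EOF'
/dev/hda1 / ext2 rw 0 0
/dev/hda2 /usr ext2 ro 0 0
/dev/hda3 /boot ext2 rw,errors=remount-ro 0 0
EOF
}

# Demo on the sample; on a live box: ro_audit /proc/mounts /usr /boot /etc
t=$(mktemp) && sample_table > "$t"
ro_audit "$t" /usr /boot /etc || echo "not all read-only"
rm -f "$t"
```

A directory such as /etc that lives on the root filesystem reports "unmounted", which means the read-only remount would have to apply to / itself or /etc would need its own partition.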