[ale] Lets design a firewall "baseline"....

Leonard Thornton Leonard at Intelis-inc.net
Wed Oct 3 10:12:51 EDT 2001


Numerous people (like myself) still have production boxen running Redhat 
6.x (2.2.x kernel) with ipchains.  While I would like to convert everything 
to 2.4.x kernel and iptables, that is not realistic right now.  Therefore 
an ipchains section is a necessity for a lot of us.

I'm willing to work on the ipchains stuff as well as the iptables, though I 
don't know dip about iptables (yet).....

At 12:38 PM 10/2/2001 -0600, Robert L. Harris wrote:


>Which tool would be compatible for iptables?  ipchains, ipfw or ipfwadm.  Out of
>simplicity sake, I'd rather not have ipchains modules, converters etc that have
>to be maintained every kernel as I have enough of those to keep up with for VPN and
>some other projects.
>
>Robert
>
>
>
>Thus spake Chris Ricker (kaboom at gatech.edu):
>
> > On Tue, 2 Oct 2001, Robert L. Harris wrote:
> >
> > >
> > > In the past I've sent friends and coworkers copies of my firewall script.
> > > It's a pretty simple iptables script.  In it I have it pretty tightened
> > > up, or so I think.  I have certain areas marked "This area allows DNS
> > > queries against our servers", "This entry allows ident to hit our server"
> > > and tell people, uncomment this section if you need this service.
> > >
> > > It's worked pretty well so far and been easy to maintain.
> > >
> > > Would anyone be interested in creating a "generic" template of sorts?
> > > This way when someone sends "hey, I need a firewall" we can point them
> > > at the archives, or even forward them a current "master" copy?
> >
> > Check out
> >
> > <http://www.linux-firewall-tools.com/linux/>
> >
> > It's by the guy who wrote the book "Linux Firewalls", and it has a nice CGI
> > to generate firewalls based on the user's exact needs.  I've tried a couple
> > of different test submissions, and the firewalls it gave me back looked
> > mostly sane....
> >
> > later,
> > chris
> >
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>
>
>
>:wq!
>---------------------------------------------------------------------------
>Robert L. Harris                |  Micros~1 :
>Senior System Engineer          |    For when quality, reliability
>   at RnD Consulting             |      and security just aren't
>                                 \_       that important!
>DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
>FYI:
>  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
>

The difficult while you wait.....the impossible overnight.

Leonard Thornton
Intelis, Inc.
5960 Crooked Creek Rd
Suite 30
Norcross, GA  30092

Office: 770.825.0032
Fax:            770.825.0028
Cellular:       404.583.5402
Pager:          888.785.9188
Email:          Leonard at Intelis-Inc.net
http://www.intelis-inc.com
http://www.intelis-inc.net
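
As an added illustration (not code from this thread or from anyone's actual firewall script), here is one way a shared baseline could carry both an ipchains and an iptables section, with the optional DNS and ident blocks mentioned in the quoted message. The `ALLOW_DNS` and `ALLOW_IDENT` toggles and the function names are hypothetical; the script only prints the rules so they can be reviewed before use.

```shell
#!/bin/sh
# Added example: prints (does not execute) an inbound baseline for either backend.
# ALLOW_DNS / ALLOW_IDENT are hypothetical toggles standing in for the
# "uncomment this section if you need this service" blocks.
ALLOW_DNS=${ALLOW_DNS:-0}
ALLOW_IDENT=${ALLOW_IDENT:-0}

# allow_in BACKEND PROTO PORT: emit one "accept inbound to this port" rule.
allow_in() {
    case "$1" in
        ipchains) echo "ipchains -A input -p $2 -d 0/0 $3 -j ACCEPT" ;;
        iptables) echo "iptables -A INPUT -p $2 --dport $3 -j ACCEPT" ;;
    esac
}

# baseline_rules BACKEND: default-deny inbound policy plus optional services.
baseline_rules() {
    backend=$1
    case "$backend" in
        ipchains)   # 2.2.x kernels: stateless filter, lowercase chain names
            echo "ipchains -F input"
            echo "ipchains -P input DENY"
            echo "ipchains -A input -i lo -j ACCEPT"
            # No connection tracking: accept TCP packets that are not SYNs.
            # UDP replies to outbound queries need their own rules (omitted).
            echo "ipchains -A input -p tcp ! -y -j ACCEPT"
            ;;
        iptables)   # 2.4.x kernels: stateful match for return traffic
            echo "iptables -F INPUT"
            echo "iptables -P INPUT DROP"
            echo "iptables -A INPUT -i lo -j ACCEPT"
            echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
            ;;
        *) echo "unknown backend: $backend" >&2; return 1 ;;
    esac
    # This area allows DNS queries against our servers
    if [ "$ALLOW_DNS" = 1 ]; then
        allow_in "$backend" udp 53
        allow_in "$backend" tcp 53
    fi
    # This entry allows ident to hit our server
    if [ "$ALLOW_IDENT" = 1 ]; then
        allow_in "$backend" tcp 113
    fi
}
```

Calling `baseline_rules ipchains` or `baseline_rules iptables` writes the rule list to standard output, so the two backends can be compared side by side from one service list.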
