[ale] recommendations for a..... standalone Linux security firewall...

Chris Kleeschulte chris.kleeschulte at it.libertydistribution.com
Wed Nov 5 09:16:30 EST 2008


On Nov 14, 2008, at 1:49 AM, Courtney Thomas wrote:

> Greetings !
>
> I want to use a standalone Linux box, possibly running from a CD and through
> which all must pass, at least from the internet, that will be a firewall for
> my home LAN. But if running from a CD gains nothing, forget it. I have
> several older idle boxes if they'd suffice. I can also go wired or wireless,
> and am receptive to any setup.
>
> What recommendation(s) do you have for such a box, please ?
>
> I'd like it to be simple, if possible, as I doubt the KGB (or whatever they
> call themselves now) are going to put a lot into seeing what I'm up to.
>
> I don't so much need 'secure communications' as I've now given up
> moonlighting for the KGB, but simply want to keep internet intruders off my
> home LAN.
>
> But if actually it's not significantly more difficult to set this up to be a
> 'real handful' than to just minimally put something in the way......then of
> course I'd be pleased to lock out the U.S. government which has damaged and
> further threatens our future well being way more than the Russians ever
> dreamed of accomplishing   :-)   Sorry, but I can't remember the
> Communications Act that has been inflicted on U.S. citizens creating an
> opaque, furtive, and uncontrolled power to surveil you. The only thing I
> want to hide from government is my freedom and privacy.

If that is not inviting many, many threads on this list, I do not know
what is. I would use pfSense...it has worked smashingly for me and is
very friendly to work with, although it is technically FreeBSD and not
Linux. I prefer iptables to pf myself, but after using pfSense for
a while, I am sold on it. The developers did a bang-up job.

As for the "Communications Act", I assume you mean Patriot Act or
something equally inflammatory to certain groups. Most security
measures people take are to make sure they are not "low hanging fruit"
for those who would do them harm. If you use stateful packet
inspection, do not allow SYN packets in from the WAN, use host and
network based intrusion detection and a security scanner like Nessus,
then you have raised your prospects of being harmed to very low.
Simply reviewing the logs on your firewall is way ahead of most
people. I like to focus on outbound traffic from my network since this
traffic is more liberally allowed out by me.



>
>
> Once more, appreciatively,
>
> Courtney
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
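
The advice in the reply above (stateful inspection, no unsolicited SYNs in from the WAN, and reviewing logs with an eye on outbound traffic) can be sketched with iptables as follows. This is an added example, not part of the original message; the interface names, log prefixes and sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a two-NIC home firewall.
# Check it with: gen_ruleset eth0 eth1 | iptables-restore --test   (as root)
gen_ruleset() {
    wan="${1:-eth0}"   # assumed WAN-facing interface
    lan="${2:-eth1}"   # assumed LAN-facing interface
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and LAN-side access to the firewall itself
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# Stateful inspection: only replies to connections started inside come back
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Unsolicited SYNs from the WAN: rate-limited log, then explicit drop
-A INPUT -i $wan -p tcp --syn -m limit --limit 6/min -j LOG --log-prefix "WAN-SYN-DROP "
-A INPUT -i $wan -p tcp --syn -j DROP
-A FORWARD -i $wan -p tcp --syn -m limit --limit 6/min -j LOG --log-prefix "WAN-SYN-DROP "
-A FORWARD -i $wan -p tcp --syn -j DROP
# Outbound is allowed, but every new connection is logged for review
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j LOG --log-prefix "LAN-OUT-NEW "
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Read kernel log lines on stdin and print "count dst:dport" for each
# outbound destination, busiest first. Only LAN-OUT-NEW lines are counted.
summarize_outbound() {
    sed -n 's/.*LAN-OUT-NEW .* DST=\([^ ]*\) .* DPT=\([0-9]*\).*/\1:\2/p' |
        sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Constructed sample log lines (documentation address ranges, not real traffic)
SAMPLE_LOG='Nov  5 09:20:01 fw kernel: LAN-OUT-NEW IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=51514 DPT=443 SYN
Nov  5 09:20:07 fw kernel: LAN-OUT-NEW IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=40022 DPT=443 SYN
Nov  5 09:21:30 fw kernel: LAN-OUT-NEW IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=51600 DPT=6667 SYN
Nov  5 09:22:00 fw kernel: WAN-SYN-DROP IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.1 LEN=60 PROTO=TCP SPT=4444 DPT=22 SYN'
```

With default-drop policies the explicit SYN rules exist mainly so that dropped connection attempts show up in the log; `printf '%s\n' "$SAMPLE_LOG" | summarize_outbound` shows the outbound review on the sample lines.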