[ale] Lets design a firewall "baseline"....
Robert L. Harris
Robert.L.Harris at rdlg.net
Wed Oct 3 10:36:22 EDT 2001
I have a maintainer for iptables. You're the first for ipchains. I'll
attach my iptables as a "starting point".
Let me know what Name/Email you want in the "Maintainers" field. My iptables
are pretty straightforward at this point and are just a good starting base to
build from.
Thus spake Leonard Thornton (Leonard at Intelis-inc.net):
> Numerous people (like myself) still have production boxen running Redhat
> 6.x (2.2.x kernel) with ipchains. While I would like to convert everything
> to 2.4.x kernel and iptables, that is not realistic right now. Therefore
> an ipchains section is a necessity for a lot of us.
>
> I'm willing to work on the ipchains stuff as well as the iptables, though I
> don't know dip about iptables (yet).....
>
> At 12:38 PM 10/2/2001 -0600, Robert L. Harris wrote:
>
>
> >Which tool would be compatible for iptables? ipchains, ipfw or ipfwadm.
> >Out of simplicity sake, I'd rather not have ipchains modules, converters etc
> >that have to be maintained every kernel as I have enough of those to keep up
> >with for VPN and some other projects.
> >
> >Robert
> >
> >
> >
> >Thus spake Chris Ricker (kaboom at gatech.edu):
> >
> >> On Tue, 2 Oct 2001, Robert L. Harris wrote:
> >>
> >> >
> >> > In the past I've sent friends and coworkers copies of my firewall script.
> >> > It's a pretty simple iptables script. In it I have it pretty tightened
> >> > up, or so I think. I have certain areas marked "This area allows DNS
> >> > queries against our servers", "This entry allows ident to hit our server"
> >> > and tell people, uncomment this section if you need this service.
> >> >
> >> > It's worked pretty well so far and been easy to maintain.
> >> >
> >> > Would anyone be interested in creating a "generic" template of sorts?
> >> > This way when someone sends "hey, I need a firewall" we can point them
> >> > at the archives, or even forward them a current "master" copy?
> >>
> >> Check out
> >>
> >> <http://www.linux-firewall-tools.com/linux/>
> >>
> >> It's by the guy who wrote the book "Linux Firewalls", and it has a nice CGI
> >> to generate firewalls based on the user's exact needs. I've tried a couple
> >> of different test submissions, and the firewalls it gave me back looked
> >> mostly sane....
> >>
> >> later,
> >> chris
> >>
> >
> >
> >
> >:wq!
> >---------------------------------------------------------------------------
> >Robert L. Harris | Micros~1 :
> >Senior System Engineer | For when quality, reliability
> > at RnD Consulting | and security just aren't
> > \_ that important!
> >DISCLAIMER:
> > These are MY OPINIONS ALONE. I speak for no-one else.
> >FYI:
> > perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> >
>
> The difficult while you wait.....the impossible overnight.
>
> Leonard Thornton
> Intelis, Inc.
> 5960 Crooked Creek Rd
> Suite 30
> Norcross, GA 30092
>
> Office: 770.825.0032
> Fax: 770.825.0028
> Cellular: 404.583.5402
> Pager: 888.785.9188
> Email: Leonard at Intelis-Inc.net
> http://www.intelis-inc.com
> http://www.intelis-inc.net
>
:wq!
---------------------------------------------------------------------------
Robert L. Harris | Micros~1 :
Senior System Engineer | For when quality, reliability
at RnD Consulting | and security just aren't
\_ that important!
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
FYI:
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
NAT.sh