[ale] Lets design a firewall "baseline"....

Robert L. Harris Robert.L.Harris at rdlg.net
Wed Oct 3 10:37:33 EDT 2001




We're not inventing or re-inventing anything.  We're taking all the thousands
of sources and saying "Hey, if you want a firewall, here's a starting script
and some included options for an easy start."

Thus spake Charles Marcus (CharlesM at Media-Brokers.com):

> Well, I think, from all of the posts on the subject, that there is ample
> information out there on ipchains, so there is no need to reinvent the
> wheel.
> 
> Maybe you could just link to these other sites, or even 'borrow' the info?
> 
> Charles
> 
> -----Original Message-----
> From: Leonard Thornton [mailto:Leonard at Intelis-inc.net]
> Sent: Wednesday, October 03, 2001 10:13 AM
> To: Robert L. Harris
> Cc: ale at ale.org
> Subject: Re: [ale] Lets design a firewall "baseline"....
> 
> 
> Numerous people (like myself) still have production boxen running Redhat
> 6.x (2.2.x kernel) with ipchains.  While I would like to convert everything
> to 2.4.x kernel and iptables, that is not realistic right now.  Therefore
> an ipchains section is a necessity for a lot of us.
> 
> I'm willing to work on the ipchains stuff as well as the iptables, though I
> don't know dip about iptables (yet).....
> 
> At 12:38 PM 10/2/2001 -0600, Robert L. Harris wrote:
> 
> 
> >Which tool would be compatible for iptables?  ipchains, ipfw or ipfwadm.
> >Out of simplicity sake, I'd rather not have ipchains modules, converters
> >etc that have to be maintained every kernel as I have enough of those to
> >keep up with for VPN and some other projects.
> >
> >Robert
> >
> >
> >
> >Thus spake Chris Ricker (kaboom at gatech.edu):
> >
> > > On Tue, 2 Oct 2001, Robert L. Harris wrote:
> > >
> > > >
> > > > In the past I've sent friends and coworkers copies of my firewall
> > > > script.  It's a pretty simple iptables script.  In it I have it pretty
> > > > tightened up, or so I think.  I have certain areas marked "This area
> > > > allows DNS queries against our servers", "This entry allows ident to
> > > > hit our server" and tell people, uncomment this section if you need
> > > > this service.
> > > >
> > > > It's worked pretty well so far and been easy to maintain.
> > > >
> > > > Would anyone be interested in creating a "generic" template of sorts?
> > > > This way when someone sends "hey, I need a firewall" we can point them
> > > > at the archives, or even forward them a current "master" copy?
> > >
> > > Check out
> > >
> > > <http://www.linux-firewall-tools.com/linux/>
> > >
> > > It's by the guy who wrote the book "Linux Firewalls", and it has a nice
> > > CGI to generate firewalls based on the user's exact needs.  I've tried a
> > > couple of different test submissions, and the firewalls it gave me back
> > > looked mostly sane....
> > >
> > > later,
> > > chris
> > >
> > > --
> > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> >
> >
> >
> >:wq!
> >---------------------------------------------------------------------------
> >Robert L. Harris                |  Micros~1 :
> >Senior System Engineer          |    For when quality, reliability
> >   at RnD Consulting             |      and security just aren't
> >                                 \_       that important!
> >DISCLAIMER:
> >       These are MY OPINIONS ALONE.  I speak for no-one else.
> >FYI:
> >  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> >
> 
> The difficult while you wait.....the impossible overnight.
> 
> Leonard Thornton
> Intelis, Inc.
> 5960 Crooked Creek Rd
> Suite 30
> Norcross, GA  30092
> 
> Office: 770.825.0032
> Fax:            770.825.0028
> Cellular:       404.583.5402
> Pager:          888.785.9188
> Email:          Leonard at Intelis-Inc.net
> http://www.intelis-inc.com
> http://www.intelis-inc.net
> 
> 
> 



:wq!
---------------------------------------------------------------------------
Robert L. Harris                |  Micros~1 :  
Senior System Engineer          |    For when quality, reliability 
  at RnD Consulting             |      and security just aren't
                                \_       that important!
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.
FYI:
 perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'





