[ale] IpTables management?
Bob Toxen
bob at verysecurelinux.com
Wed Oct 1 19:42:01 EDT 2003
On Wed, Oct 01, 2003 at 10:05:55PM +0000, zeb wrote:
> Ryan Neily wrote:
> >I am really struggling with managing 3-4 firewalls with raw IPTables
> >scripts. They are all driving me mad, and I am getting to the point where
> >I am sure that they are not the safest firewall implementations just
> >because the Iptable script is so convoluted and LONG.
> >Anyways, I am looking at different firewall projects that offer iptables
> >functionality through their own implementation. I've found the Shorewall
> >project which looks nice, any others I should look at?
> >I'm spending way too much time implementing iptables changes, rather than
> >getting actual work done!
> While you are looking, include "Coyote Linux". Runs on almost nothing
> in the line of hardware and comes with IPTables scripts that seem to
> lock things down well. The only open port is remote login.
I've not found any good tools for building *good* firewalls with
IP Tables or IP Chains. You certainly can find some that ask you a few
questions and give you a rule set. I would not risk *my* data on them
and recommend that others don't either.
Bob Toxen
bob at verysecurelinux.com [Please use for email to me]
http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
"Microsoft: Unsafe at any clock speed!"
-- Bob Toxen 10/03/2002