[ale] best FIREWALL product for a home LAN ?
Jim Sculley
niceguyj at comcast.net
Thu Jan 31 17:32:44 EST 2008
Michael B. Trausch wrote:
> On Mon, 2008-01-28 at 19:33 -0500, Courtney Thomas wrote:
>
>> Just finished Bruce Schneier's book Secrets and Lies which inspired me
>> to try to implement a suitable firewall for my home LAN which has a
>> variety of machines, MS, FreeBSD, Linux, Apple, etc.
>>
>
> For a home network, the best option is a NAT with nothing port-forwarded
> or DMZ'd. Unless you need something special, that's the best way to go.
> Also just make sure that the external (from the WAN side) management
> interface is disabled.
>
> That can be accomplished through any commodity routing device.
>
> I use iptables on my network, with my network server holding a few
> Internet-exposed ports and everything else dropped.
Ditto here. I used this link to understand how iptables works:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
> Also currently
> dropping packets from several places abroad (got sick of the SSH
> attacks).
>
For that, I use denyhosts:
http://denyhosts.sourceforge.net/

To date there are 24,761 IP addresses in my /etc/hosts.deny file.

You can also use Steve Gibson's hokey 'Shields Up' utility to see what
ports the outside world can access.
http://www.grc.com
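
Added example, not part of the original message and not denyhosts' own code: a sketch of the kind of check that fills /etc/hosts.deny, counting failed SSH logins per source address in sshd log lines and emitting TCP-wrappers entries. The sample log, the threshold of 3 and the 192.168.1.0/24 allowlist are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the usual OpenSSH syslog format (not real log data).
SAMPLE_LOG = """\
Jan 31 17:01:02 gw sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 31 17:01:05 gw sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40150 ssh2
Jan 31 17:01:09 gw sshd[2213]: Invalid user test from 203.0.113.7
Jan 31 17:02:30 gw sshd[2290]: Failed password for jim from 192.168.1.20 port 51514 ssh2
Jan 31 17:02:41 gw sshd[2290]: Accepted password for jim from 192.168.1.20 port 51514 ssh2
Jan 31 17:05:00 gw sshd[2301]: Failed password for invalid user x from 10.9.9.9 port 1 ssh2 from 198.51.100.4 port 33000 ssh2
Jan 31 17:05:03 gw sshd[2301]: Failed password for root from 198.51.100.4 port 33010 ssh2
"""

# The user name is chosen by the client, so take the address from the END of
# the line: the greedy ".*" swallows any " from <addr>" embedded in the name.
FAILED = re.compile(
    r"sshd\[\d+\]: (?:Failed password for|Invalid user) .* from (\S+)"
    r"(?: port \d+(?: ssh2)?)?$"
)

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN, never blocked
THRESHOLD = 3                                  # assumed failure limit


def count_failures(log_text):
    """Return {source address: number of failed SSH logins}."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an IP literal: keep it out of hosts.deny
        counts[str(addr)] += 1
    return counts


def deny_lines(counts, threshold=THRESHOLD, allow=(LAN,)):
    """Build TCP-wrappers entries for sources at or over the threshold."""
    out = []
    for text, n in sorted(counts.items()):
        addr = ipaddress.ip_address(text)
        if n >= threshold and not any(addr in net for net in allow):
            out.append(f"sshd: {text}")
    return out


if __name__ == "__main__":
    print("\n".join(deny_lines(count_failures(SAMPLE_LOG))))
```

The allowlist keeps a mistyped password on the LAN from locking out your own machines, and the end-of-line anchor keeps a crafted user name from getting an unrelated address blocked.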