[ale] recommendations for a..... standalone Linux securityfirewall...

Courtney Thomas courtneycthomas at bellsouth.net
Wed Nov 5 10:08:14 EST 2008


Please see insertions below:




----- Original Message ----- 
From: "Chris Kleeschulte" <chris.kleeschulte at it.libertydistribution.com>
To: <ale at ale.org>
Sent: Wednesday, November 05, 2008 9:16 AM
Subject: Re: [ale] recommendations for a..... standalone Linux
securityfirewall...


> On Nov 14, 2008, at 1:49 AM, Courtney Thomas wrote:
>
> > Greetings !
> >
> > I want to use a standalone Linux box, possibly running from a CD and through
> > which all must pass, at least from the internet, that will be a firewall for
> > my home LAN. But if running from a CD gains nothing, forget it. I have
> > several older idle boxes if they'd suffice. I can also go wired or wireless,
> > and am receptive to any setup.
> >
> > What recommendation(s) do you have for such a box, please ?
> >
> > I'd like it to be simple, if possible, as I doubt the KGB (or whatever they
> > call themselves now) are going to put a lot into seeing what I'm up to.
> >
> > I don't so much need 'secure communications' as I've now given up
> > moonlighting for the KGB, but simply want to keep internet intruders off my
> > home LAN.
> >
> > But if actually it's not significantly more difficult to set this up to be a
> > 'real handful' than to just minimally put something in the way......then of
> > course I'd be pleased to lock out the U.S. government which has damaged and
> > further threatens our future well being way more than the Russians ever
> > dreamed of accomplishing   :-)   Sorry, but I can't remember the
> > Communications Act that has been inflicted on U.S. citizens creating an
> > opaque, furtive, and uncontrolled power to surveil you. The only thing I
> > want to hide from government is my freedom and privacy.
>
> If that is not inviting many many threads on this list, I do not know
> what is. I would use Pfsense...it has worked smashingly for me and is
> very friendly to work with, although it is technically FreeBSD and not
> Linux.

Chris,

Is it therefore required to first run FreeBSD which provides pfsense ?

> I prefer iptables to pf myself, but after using pfsense for
> awhile, I am sold on it.

Why, as opposed to iptables ?

> The developers did a bang up job,
>
> As for the "Communications Act", I assume you mean Patriot Act or
> something equally inflammatory to certain groups.

No. I was referring to a Communications Act which I believe was enacted in '94
which gives the [basically] white house unrestrained police state powers to spy
on U.S. citizens without recourse or due process. Eisenhower warned of the
threat of the military industrial complex as, I believe, his last official
words to U.S. citizenry.

> Most security
> measures people take are to make sure they are not "low hanging fruit"
> for those who would do them harm. If you use stateful packet
> inspection, do not allow syn packets in from the wan, use host and
> network based intrusion detection and a security scanner like nessus,
> then you have raised your prospects of being harmed to very low.

Is nessus to be used in addition to or a suggested substitute for a firewall
or is it regarded as a firewall ?


> Simply reviewing the logs on your firewall is way ahead of most
> people. I like to focus on outbound traffic from my network since this
> traffic is more liberally allowed out by me.
>

Understood. If they get in who cares ? The problem is, what they do once in.

Thank you for your offerings,

Courtney


>
>
> >
> >
> > Once more, appreciatively,
> >
> > Courtney
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
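
Added example (not part of the original thread, and not written by either poster): one way to express the advice quoted above (stateful inspection, no new connections in from the WAN, logged outbound traffic) as an iptables-restore ruleset. The interface names eth0/eth1, the log prefixes and the emit_rules helper are assumptions for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC home firewall.
# Interface names are assumptions; pass your own as arguments.

emit_rules() {
    wan="${1:-eth0}"   # assumed internet-facing interface
    lan="${2:-eth1}"   # assumed home-LAN interface
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Stateful inspection: replies to connections we opened are allowed back.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Loopback and LAN-side management of the firewall box itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# No new connections (SYN) in from the WAN: log at a limited rate, then drop.
-A INPUT -i $wan -p tcp --syn -m limit --limit 5/min -j LOG --log-prefix "WAN-SYN-DROP: "
-A INPUT -i $wan -j DROP
-A FORWARD -i $wan -o $lan -j DROP
# Outbound from the LAN is allowed liberally, so log each new flow for review.
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j LOG --log-prefix "LAN-OUT-NEW: "
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Hide the LAN behind the firewall's WAN address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset when run directly; as root, pipe the output to iptables-restore.
emit_rules "$@"
```

Forwarding also has to be enabled on the box (net.ipv4.ip_forward=1) before LAN hosts can reach the internet through it. The LAN-OUT-NEW lines in the kernel log are the outbound records to review.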