RE: Linux firewall options

From: Neal Human (nhumanat_private)
Date: Tue Jan 25 2000 - 08:12:35 PST

    I am currently building a firewall based on SuSE Linux.
    They have a set of tools. One is a "hardening" script, and the other is a
    configurable firewall, of sorts. You can pick between IP/MASQ or proxying,
    and other things.
    There are also other security related scripts.
    Here is the link to the guy who maintains the scripts:
    http://www.suse.de/~marc/
    
    Hope this helps, I haven't finished my firewall yet, but so far it looks good
    if you need a Linux solution.
    
    -----Original Message-----
    From: Joseph S D Yao [mailto:jsdyat_private]
    Sent: Monday, January 24, 2000 6:49 AM
    To: Mayne, Peter
    Cc: firewall-wizardsat_private
    Subject: Re: Linux firewall options
    
    
    On Wed, Jan 12, 2000 at 09:05:00AM +0800, Mayne, Peter wrote:
    > Given Linux (say RedHat 6.0 or greater) as a base, what options are
    > available to build firewalls? Is there a "Linux firewalls" site somewhere?
    > 
    > ipchains is an obvious place to start for basic packet filtering
    > functionality, but I'd prefer something more substantial. I could use Apache
    > or Squid (depending on circumstances) as a Web proxy, for instance.
    > 
    > I don't think FWTK can be used in a commercial environment because of the
    > license restrictions. Is there something similar out there that is otherwise
    > usable?
    
    I know that there are such sites out there.  I don't have them at my
    fingertips, though, and I'm sure that there are others that do.
    
    Many commercial sites do use FWTK.  It is a firewall toolkit, though,
    and not a firewall.  IIRC, the license prohibits commercial
    re-distribution, not commercial use.
    
    Many other sites use ipchains.  Packet filtering only makes me uneasy,
    though.
    
    Apache, Squid, BIND, and Sendmail can all be used as proxies, although
    again the sheer complexity of code in, specifically, sendmail may make
    it less desirable as a proxy.
    
    -- 
    Joe Yao				jsdyat_private - Joseph S. D. Yao
    COSPO/OSIS Computer Support					EMT-B
    -----------------------------------------------------------------------
    This message is not an official statement of COSPO policies.
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:05 PDT