> My suggestion, if you aren't planning on running anything special
> on it would be one of the various firewall boot disks or boot cds. The
> reason for this is that a hacker who breaks into a boot cd can't change
> anything permanently.

Neither can the administrator change anything permanently. If a cracker breaks into your boot cd firewall because of a security flaw then the vulnerability is burned on to the CD and can't be changed. Your firewall is worthless at that point until you can burn another cd with patched programs. With Debian, a simple apt-get update and apt-get upgrade will fix known vulnerabilities as the Debian security team makes patches available.

Cory

-----Original Message-----
From: Peter Bailey [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 10:29 AM
To: EUGLUG
Subject: Re: [Eug-lug]linux firewall

There are many options here. Depends on what you want it to do, really.

My suggestion, if you aren't planning on running anything special on it would be one of the various firewall boot disks or boot cds. The reason for this is that a hacker who breaks into a boot cd can't change anything permanently. If you have any disks in, it's still okay. The disks would then just hold data. Your web server or whatever.

In order of ease of use, I'd say Mandrake to Debian to Slackware. I prefer Slackware, but there are very few setup tool style things. You would have to set iptables by yourself and put the ruleset into the boot scripts. Mandrake, I'm sure, has a graphical dealy to set up NAT.

ipchains is obsolete. iptables is the 2.4 version. ipchains still works, but iptables encompasses much more. You have to compile support for ipchains into 2.4, too, which may not have been done.

I would direct you to the Linux Documentation Project, but I'm not sure where it is. Try a Google search and you'll find it. Maybe www.linux.com or linux.org.

On Fri, 4 Oct 2002, Rob Hudson wrote:

> I'm setting up a firewall/gateway at my house.
>
> What should I use? IPchains? What's the other option? Isn't there a
> standard packet filter for 2.2 and a different one for 2.4? I'm in the
> kernel config for 2.4.19 right now and don't see much.
>
> Pointers to articles to set it up or other info much appreciated.
>
> Thanks,
> Rob
> _______________________________________________
> Eug-LUG mailing list
> [EMAIL PROTECTED]
> http://mailman.efn.org/cgi-bin/listinfo/eug-lug
