On Thursday 30 Oct 2003 11:03 am, J.C. Woods wrote:
>
> Just install iptables, and start "rolling your own" rules. There
> are loads of sites that document how to.

So installing iptables will have no 'built-in' rules? That's what I want, so that I can build it up a little at a time.

> You could start off by
> just replacing one rule at a time from your external router. For
> example, let's say your hardware does not allow any ping responses.
> So you write your first rule with iptables to disallow any ping
> responses, and turn that feature off on the router, so on and so
> forth until you feel good about your firewall rules, and have a
> better understanding of what is going on.
>

The problem for me is that the hardware router does not allow GnomeMeeting to have a range of ports open (it uses H.323 tunneling), so I'm thinking that I will need, eventually, to set my box dmz and rely on the software one, suitably configured. I am quite prepared to make the switch to dmz for the duration of a session (it won't be too frequent), but I want the second layer in first. Consequently, I can use dmz to test the rules, going back behind the hardware f/w as necessary.

> And you could do this a little at a time, as you learn new
> rules....
>
> Because I have always written my own rules, since the days of
> ipchains, I do not know too much about Shorewall, and I would never
> trust Webmin to handle a vital function like firewalls. Just my two
> cents worth...
>

My experience with using it to set up samba does not encourage me to do it that way, but I thought that browsing the interface might give me a better idea of the questions I need answering before actually doing any configuration.

Thanks for the input

Anne
--
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?
