Greetings,

At one of the places I work, I was asked to build a firewall for their site. Basically it connects the few local PCs to the Internet, and Linux w/ IP Masq. was chosen. One requirement was a script to generate the rules that would be easily used by the local "person in the know".

I opted to create a structure in which the rules for each service were placed in a file of the same name (e.g. /somewhere/firewall/services/http). There were then a few required rule sets that would go with any configuration (e.g. anti-spoofing, ICMP, deny clowns, etc.). The end result was a rather easy tool for creating and implementing the firewall rules.

Obviously there are a few niceties to take care of yet, but my concern is this: is there anything wrong with, or that should be watched out for, when generating "canned" rule sets? My thoughts are leaning to ftp opening up all ports above 1024, or redundant rules between different services.

Thanks in advance,
- Bennett -

[To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
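An added example, not code from the original post or from Bennett's tool, of how a generator built on the per-service-file layout described above can catch the two things the post worries about: a rule repeated across service files, and a "canned" service file that quietly opens every port above 1024. The directory names (required/ and services/ under one root), the file names, the sample rules and the iptables-style rule syntax are all assumptions for illustration; the original firewall used Linux IP masquerading and may well have used a different rule tool. The sample rule files are constructed inside a scratch directory so the script runs offline, and nothing is loaded into the kernel: the output is the generated command list plus the warnings.

```shell
#!/bin/sh
# Added example (not from the original post): assemble one firewall rule set
# from per-service files plus mandatory rule sets, skipping exact duplicate
# rules and flagging over-wide port ranges. Layout, file names and rule
# syntax below are assumptions; the rule files are constructed here so the
# script runs offline. Nothing is applied to the kernel.

set -eu

# Scratch copy of the assumed layout: ROOT/required/* and ROOT/services/*
FW_ROOT=$(mktemp -d)
trap 'rm -rf "$FW_ROOT"' EXIT
mkdir -p "$FW_ROOT/required" "$FW_ROOT/services"

# Required rule sets that accompany every configuration (constructed sample).
cat >"$FW_ROOT/required/00-antispoof" <<'EOF'
# drop packets arriving on the Internet side that claim LAN or loopback origin
-A INPUT -i eth0 -s 192.168.1.0/24 -j DROP
-A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
EOF
cat >"$FW_ROOT/required/10-icmp" <<'EOF'
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
EOF

# One file per service, named after the service (constructed sample).
# http and https both carry the same ESTABLISHED,RELATED rule on purpose.
cat >"$FW_ROOT/services/http" <<'EOF'
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
cat >"$FW_ROOT/services/https" <<'EOF'
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
cat >"$FW_ROOT/services/ftp" <<'EOF'
-A INPUT -p tcp --dport 21 -j ACCEPT
# "canned" passive-FTP rule: opens every unprivileged port
-A INPUT -p tcp --dport 1024:65535 -j ACCEPT
EOF

# gen_rules ROOT: print each distinct rule once, required sets first, then
# services in name order. Comments and blank lines are dropped. A rule that
# an earlier file already emitted is reported on stderr and not repeated.
gen_rules() {
    cat "$1"/required/* "$1"/services/* |
    awk '
        /^[[:space:]]*(#|$)/ { next }
        seen[$0]++ { print "redundant rule skipped: " $0 > "/dev/stderr"; next }
        { print }
    '
}

# count_redundant ROOT: how many duplicate rule lines exist across all files.
count_redundant() {
    gen_rules "$1" 2>&1 >/dev/null | grep -c '^redundant rule skipped' || true
}

# wide_ranges ROOT MAXPORTS: print every rule whose --dport LOW:HIGH range
# spans more than MAXPORTS ports, so a file that opens 1024:65535 stands out.
wide_ranges() {
    gen_rules "$1" 2>/dev/null |
    awk -v max="$2" '
        match($0, /--dport [0-9]+:[0-9]+/) {
            split(substr($0, RSTART + 8, RLENGTH - 8), r, ":")
            if (r[2] - r[1] + 1 > max) print
        }
    '
}

echo "# generated rules"
gen_rules "$FW_ROOT" | sed 's/^/iptables /'
echo "# port ranges wider than 100 ports (review before deploying):"
wide_ranges "$FW_ROOT" 100
```

Duplicate detection here is textual, so two rules that differ only in option order are not recognised as the same; that is enough to catch a copied boilerplate line repeated across service files, which is the case the post describes. The wide-range check is a lint, not a fix: whether passive FTP really needs a range that large is a decision for whoever maintains the ftp file, and the script only makes sure the range is seen rather than buried among other canned rules.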
