On Wed, 26 Jul 2000, Steven W. Orr wrote:
> I too am very interested in firewalling my newly acquired cable modem.
>
> Currently I'm using something I found called pmfirewall. It works
> wonderfully by asking lots of questions and them producing ipchains
> commands as output. It's really very well done, but (there's always a
> butt), I really want something that works as well as pmfirewall but also
> remembers what I did so I don't have to answer all the questions from
> scratch every time. The problem with other ipchains interfaces I have
> looked at is that they don't allow anything but vanilla firewalls, i.e.,
> all or nothing.
This tends to be the problem with ALL automated tools, and all of the
IPCHAINS tools in particular. And particularly where security is such an
important topic, I will offer my opinion that you are far, far better off
biting the bullet, and reading all the man pages and the howtos and doing
it all yourself by hand.
Yes, it will take you much longer, but you will learn a lot more about
security and firewalls if you do it this way, and you will not have
tons of ipchains rules that you just don't need cluttering up your chains,
as generally happens with all the automated tools. You will also not be
forced to rely on someone else's idea of securing your machine, which may
be either a plus or a minus, depending on how confident you are
configuring your firewall...
The relevant howtos are:
the IPCHAINS howto
the Firewall howto
the Net-3/4 howto
the Ethernet howto
--
Derek Martin
System Administrator
Mission Critical Linux
[EMAIL PROTECTED]
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
