I would have to agree with Derek on this one. Most of the automated
tools don't allow for anything out of the ordinary. For example, I have
yet to see any firewall tool that lets you do any sort of port
forwarding. Also, they always use default ports for services. If you
wanted to change your ssh port from 22 to say 2222, you can't do that
through most tools. The only way to truly utilize ipchains in its
entirety, and realize how flexible and powerful it is, is to learn the
tools and put them together for yourself.
Kenny
--
Kenny Lussier
Systems Administrator
Mission Critical Linux
***********************************************************
Life is a lesson, you learn it at the end
Reality has become increasingly less accurate
***********************************************************
Derek Martin wrote:
>
> On Wed, 26 Jul 2000, Steven W. Orr wrote:
>
> > I too am very interested in firewalling my newly acquired cable modem.
> >
> > Currently I'm using something I found called pmfirewall. It works
> > wonderfully by asking lots of questions and then producing ipchains
> > commands as output. It's really very well done, but (there's always a
> > butt), I really want something that works as well as pmfirewall but also
> > remembers what I did so I don't have to answer all the questions from
> > scratch every time. The problem with other ipchains interfaces I have
> > looked at is that they don't allow anything but vanilla firewalls, i.e.,
> > all or nothing.
>
> This tends to be the problem with ALL automated tools, and all of the
> IPCHAINS tools in particular. And particularly where security is such an
> important topic, I will offer my opinion that you are far, far better off
> biting the bullet, and reading all the man pages and the howtos and doing
> it all yourself by hand.
>
> Yes, it will take you much longer, but you will learn a lot more about
> security and firewalls if you do it this way, and you will not have
> tons of ipchains rules that you just don't need cluttering up your chains,
> as generally happens with all the automated tools. You will also not be
> forced to rely on someone else's idea of securing your machine, which may
> be either a plus or a minus, depending on how confident you are
> configuring your firewall...
>
> The relevant howtos are:
>
> the IPCHAINS howto
> the Firewall howto
> the Net-3/4 howto
> the Ethernet howto
>
> --
> Derek Martin
> System Administrator
> Mission Critical Linux
> [EMAIL PROTECTED]
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************