[EMAIL PROTECTED] rearranged electrons thusly:
> What do you mean skeleton? The only thing running on this machine
> should be sshd.
ideally, yeah. then you'd portforward mail and other services from an internal
machine
> >2. Upgrade nearly everything on that box (or install something like
> If you need a ftp server, go for Proftpd1.2rc3 (I'm sure Binand will
> recommend the OpenBSD port, but I have no experience with that).
> Do not even install wu-ftpd. Do not install the telnet daemon.
right
> >4. Use ipchains to restrict / block access to ports / services.
> Don't forget to set a default policy of DENY in
> etc/rc.d/init.d/network before bringing up any cards.
> >called GShield. Use it (and something like Bastille as well). To
> IIRC that needs GNOME. The reference "Building Internet firewalls" from
gshield? no, definitely not. it's an ipchains based firewall, config'd
through a shell script. check it out, it rocks
--suresh
--
Suresh Ramasubramanian <--> mallet <at> efn <dot> org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
"What separates normal people from kooks is how they react when people disagree
with them or tell them "NO" <-- Ron Ritzman on news.admin.net-abuse.email
----------------------------------------------
The mailing list archives are available at
http://lists.linux-india.org/cgi-bin/wilma/linux-india-help