Good day, Dave,
If you're looking to build a strict firewall (deny all but a few
traffic flows), I'd like to suggest you try the Mason firewall builder
I've written.
You run Mason on the machine that will act as your firewall while
you're doing all the things you'd like to be able to do in the end (read
mail from an internal machine, browse the web from an internal machine,
accept incoming mail, etc.). Mason spits out all of the ipfwadm (or
ipchains!) rules you need to allow _exactly_ those traffic flows.
The latest version (0.9.0 - will be up on the web site by tomorrow
at the latest) runs on ipchains or ipfwadm machines, accepts the packet
logging format created by either ipfwadm or ipchains firewalls, and spits
out either kind of rule.
Simply look over the rules, generalize them as needed (I'm working
on doing that automatically now, but it's slow going), and you have
a custom firewall for that machine.
There are a lot of other features too; the documentation should
actually be quite useful in understanding packet filtering firewalls.
Please note that I'm in the process of updating the documentation to
specifically cover ipchains; that, too, is going slowly because I'm just
learning how to do ipchains myself.
The package can be found at the web site in my signature. Please
let me know if it turns out to be useful to you.
Cheers,
- Bill
On Tue, 15 Dec 1998, Dave Harms wrote:
> I hope someone can point me to an authoritative source on using ipfwadm
> to protect a dual-homed Linux host which has web, ftp, and mail
> services and is a gateway to a small private lan (using ip
> masquerading). Yes, I know that's not a recipe for great security.
>
> I've been through Paul Sery's "Linux Network Toolkit", and I have (but
> haven't fully digested) "Firewalls and Internet Security - repelling
> the wily hacker". I've read a great many newsgroup postings on the use
> of ipfwadm, and I've cobbled together a set of rules which start with
> deny all input, output, and forwarding, and open up the stuff I need.
> It seems to work, but I'm basically a newbie, and I'd like a better
> grasp of firewalling on Linux. Does anyone have a book, or a link or
> two they recommend? Other than the Linux HowTos and FAQs, I mean.
---------------------------------------------------------------------------
Unix _is_ user friendly. It's just very selective about who its friends
are. And sometimes even best friends have fights.
William Stearns ([EMAIL PROTECTED])
Mason, Buildkernel, and named2hosts are at: http://www.pobox.com/~wstearns
---------------------------------------------------------------------------
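As an added illustration of the approach Bill describes (this is example code, not Mason's own), a small Python script reads ipchains packet-log lines and emits default-deny ipchains rules that allow exactly the observed flows, widening ephemeral client source ports so one rule covers a host rather than one per connection. The log-line layout in the regex, the sample lines, and the addresses are constructed assumptions for this example.

```python
import re
# Kernel log line written by an ipchains rule with -l (format assumed here from memory;
# Mason parses the real ipfwadm and ipchains formats):
#   Packet log: input DENY eth0 PROTO=6 192.168.1.2:1025 10.0.0.1:80 L=60 S=0x00 I=1 F=0x4000 T=64 SYN (#3)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<target>\w+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
PROTO_NAMES = {6: "tcp", 17: "udp"}  # ICMP logs type:code in the port fields; not handled here

# Constructed sample log: gateway 198.51.100.1 on eth0, private LAN 192.168.1.0/24.
SAMPLE_LOG = [
    "Dec 15 10:00:01 gw kernel: Packet log: forward DENY eth0 PROTO=6 192.168.1.2:1025 198.51.100.7:80 L=60 S=0x00 I=1 F=0x4000 T=63 SYN (#2)",
    "Dec 15 10:00:09 gw kernel: Packet log: forward DENY eth0 PROTO=6 192.168.1.2:1026 198.51.100.7:80 L=60 S=0x00 I=2 F=0x4000 T=63 SYN (#2)",
    "Dec 15 10:01:14 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:40000 198.51.100.1:25 L=60 S=0x00 I=3 F=0x4000 T=51 SYN (#1)",
    "Dec 15 10:01:15 gw kernel: Packet log: output DENY eth0 PROTO=17 198.51.100.1:1030 198.51.100.53:53 L=68 S=0x00 I=4 F=0x0000 T=64 (#4)",
    "Dec 15 10:01:16 gw sshd[412]: Accepted password for bill from 192.168.1.2",
]

def parse_log_line(line):
    """Return (chain, iface, proto, src, sport, dst, dport), or None for non-TCP/UDP or non-log lines."""
    m = LOG_RE.search(line)
    if not m or int(m["proto"]) not in PROTO_NAMES:
        return None
    return (m["chain"], m["iface"], PROTO_NAMES[int(m["proto"])],
            m["src"], int(m["sport"]), m["dst"], int(m["dport"]))

def generalize(flow):
    """Widen an unprivileged (>= 1024) client source port to 1024:65535 so one rule
    covers every connection from that host; low ports (e.g. server replies) stay exact."""
    chain, iface, proto, src, sport, dst, dport = flow
    sport = "1024:65535" if sport >= 1024 else str(sport)
    return (chain, iface, proto, src, sport, dst, str(dport))

def flows_to_ipchains(log_lines):
    """Default-deny policies, then one ACCEPT rule per distinct generalized flow."""
    rules = ["ipchains -P input DENY", "ipchains -P output DENY", "ipchains -P forward DENY"]
    seen = set()
    for line in log_lines:
        flow = parse_log_line(line)
        if flow is None:
            continue
        flow = generalize(flow)
        if flow in seen:  # a second connection from the same host collapses into one rule
            continue
        seen.add(flow)
        chain, iface, proto, src, sport, dst, dport = flow
        rules.append(f"ipchains -A {chain} -i {iface} -p {proto} -s {src} {sport} -d {dst} {dport} -j ACCEPT")
    return rules
```

Calling `flows_to_ipchains(SAMPLE_LOG)` yields three policy lines and three ACCEPT rules; because ipchains is stateless, reply packets must also appear in the log (and so in the output) for the generated set to pass real traffic.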