
Re: Steves genfw firewall script...



> redhat-config-network, but it doesn't seem to see both of my network cards.
>  They are both RTL-8139 chips, one on-board, one PCI add-in.

Make sure they're not the el-cheapo RTL-8029 chips. They are really
ne2k-pci cards in disguise. They're lame, but they work, and 10Mbit/s
is waaaaay faster than my stinky ole 1.5Mbit/s DSL.

> I (quite likely incorrectly) assumed that the genfw script would 
> read the rules file, and generate some basic rules for routing and 
> firewalling.

Steve's pretty much it for your support options if you insist on using
genfw. I'm not knocking it, I'm sure it's useful to Steve.

But for folks getting into firewalling, I cannot urge you enough to at least
read the excellent documentation on firewalling at http://www.shorewall.net/.

It is iptables-based, and breaks down your rules into nice digestible
and understandable "chunks". It's not the fastest cat around in setting up 
rules, but then again, how much of your time is your firewall spending 
rebooting? It has a mailing list community, a SourceForge address, and
loads of documentation describing how to set up everything from blacklists
to IPsec tunnels to rfc1918 blocking to traffic shaping. And examples with 
decent complexity. Tom Eastep really knows what he's doing WRT firewalling.
And there's even some log analysis tools around too, although I simply
check the Shorewall log every now and then for unusual activity. Like
another fsckin' Mickey$oft exploit, er, MSTD, making the rounds.

I cannot recommend the documentation enough, even if you don't choose to use 
Shorewall and want to spend your time decoding Steve's Perl or waiting for 
him to help you out. (BTW, Shorewall is completely shell-based, so it doesn't 
even require Perl to be installed for really, really small footprint 
firewalls).

Oh, and there's RPMs available too.

Mike808/
