Re: Firestarter VS Shorewall



On Sat, Mar 03, 2007 at 08:08:36AM +0000, David Hart wrote:
On Thu 2007-03-01 16:05:32 -0500 Roberto C. Sanchez wrote:
On Thu, Mar 01, 2007 at 09:45:41PM +0100, Franck Joncourt wrote:
On Thu, Mar 01, 2007 at 11:56:41AM -0800, Jordi wrote:

John, that seems too complicated for me, but it seems good as it is a
hardware firewall.
Roberto, it seems you like to control all the parameters; you must be
an expert. I will try to do as you say, and learn a bit.

If you want to set up a firewall, it is better to know what you are doing :)!
I started using iptables first, and now it is quite difficult to change,
even to try other stuff. So if you want to learn more, take a look at the
iptables tutorial. However, I should admit it is time consuming.

Right, like when you want a firewall to manage a half-dozen different
zones on your network, which is connected to several different ISPs,
while performing traffic shaping functions?

If you need to manage a half-dozen zones the chances are that you'll
be doing packet filtering on specialized hardware so shorewall will
be of no use.


I have never said using iptables was the best solution; however, I think an understanding of netfilter/iptables might help. It is up to everyone to choose whether they want to get a better understanding of what they are doing, or not. He may not need to bother with all that.
Anyway, iptables, fwbuilder, shorewall and others have their own advantages and drawbacks.


Having this in mind, do you know a good and simple solution? I will
have much time to learn for future, it is just to have a start point.

I recommend
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
written by Rusty Russell, the initial author and one of the current main
developers of iptables/netfilter.

He shows a simple six line firewall script at
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-5.html.

Here is the link I use, where you can get pretty useful information as well (for the future, maybe 8)! ):
- protocol description
- connection tracking
- iptables itself

http://iptables-tutorial.frozentux.net/iptables-tutorial.html

There are some examples too.

--
Franck Joncourt
http://www.debian.org
http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE
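As an added example (not code from the thread, the HOWTO or the tutorial linked above), a small shell wrapper around a stateful rule set in the spirit of the six-line script: connection tracking admits replies and related traffic, new connections are accepted only when they do not arrive on the Internet-facing interface, and everything else is dropped. The interface name ppp0 and the chain name `block` are assumptions.

```shell
#!/bin/sh
# Added example of a minimal stateful iptables firewall (default deny).
# Assumed: the Internet-facing interface is ppp0; override with WAN_IF.
WAN_IF="${WAN_IF:-ppp0}"

# Emit the rule set one iptables invocation per line, so it can be
# reviewed (or diffed against the running configuration) before use.
fw_rules() {
    cat <<EOF
iptables -N block
iptables -A block -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m conntrack --ctstate NEW ! -i $WAN_IF -j ACCEPT
iptables -A block -j DROP
iptables -A INPUT -j block
iptables -A FORWARD -j block
EOF
}
# Rule by rule:
#  1. a user chain so INPUT and FORWARD share one policy
#  2. packets belonging to a tracked connection (or related to one,
#     e.g. ICMP errors, FTP data) are accepted; this is what lets
#     replies back in without opening any inbound port
#  3. NEW connections are accepted only if they did not arrive on the
#     WAN interface, i.e. they come from the LAN or from loopback
#  4. anything else, in particular NEW connections from the Internet,
#     is dropped
#  5./6. both locally delivered and forwarded traffic go through the chain

# Number of rules the script would install (handy for a sanity check).
fw_rule_count() {
    fw_rules | wc -l | tr -d ' '
}

# Apply the rules only when running as root with iptables available;
# otherwise print them as a dry run so nothing touches the live system.
fw_apply() {
    if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
        fw_rules | while IFS= read -r rule; do
            $rule || return 1
        done
    else
        echo "dry run (not root or iptables missing); would run:" >&2
        fw_rules
    fi
}

# "apply" installs the rules; any other invocation just lists them.
case "${1:-list}" in
    apply) fw_apply ;;
    *)     fw_rules ;;
esac
```

Run it with no arguments first to inspect the rules, then with `apply` as root once the interface name matches the machine.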



