ipchains script creation utilities: any recommendations?

Post by Ken Wolf » Mon, 19 Jun 2000 04:00:00



I'm looking for an ipchains script creation utility for our Redhat
Linux 6.1 server.  I've been playing with 'mason', 'pmfirewall' and
'kfirewall'.  Anyone have any preferences or other recommendations?

Our setup is quite simple.  Our firewall performs NAT for all internal
addresses.  We have a dedicated IP with our ISP.  We receive SMTP
through on this machine in addition to telnet and ftp for specific
IPs.  Other than that we want any incoming requests rejected but all
outgoing requests approved.

If it makes any difference, we are also using squid for a proxy cache
and to limit outside access to some departments.

Any suggestions?

Thanks in advance.

-----------------------------------------------

MAXIMUS                 http://www.maximus.com
-----------------------------------------------
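
The policy described in the post above, written out as an ipchains rule generator. This is an added example, not part of the original thread and not the output of any of the tools named in it; the interface names, addresses and the DNS resolver are constructed placeholders, and the script only prints the commands rather than running ipchains.

```shell
#!/bin/sh
# Added example: prints an ipchains rule set for the policy in the post.
# Every value below is an assumed placeholder; nothing here comes from the thread.
EXT_IF=eth0                          # external interface (assumption)
INT_IF=eth1                          # internal interface (assumption)
EXT_IP=192.0.2.10                    # stands in for the dedicated ISP address
INT_NET=192.168.1.0/24               # internal network hidden behind NAT
DNS=192.0.2.53                       # resolver the firewall queries (assumption)
TRUSTED="198.51.100.7 198.51.100.8"  # hosts allowed telnet and ftp
UNPRIV=1024:65535

gen_rules() {
    echo "ipchains -F"
    # Default-deny inbound and forwarded traffic; outgoing stays open as requested.
    for chain in input forward; do echo "ipchains -P $chain DENY"; done
    echo "ipchains -P output ACCEPT"
    # Internal source addresses arriving on the outside interface are spoofed.
    echo "ipchains -A input -i $EXT_IF -s $INT_NET -j DENY -l"
    echo "ipchains -A input -i lo -j ACCEPT"
    echo "ipchains -A input -i $INT_IF -s $INT_NET -j ACCEPT"
    # SMTP from anywhere.
    echo "ipchains -A input -i $EXT_IF -p tcp -d $EXT_IP 25 -j ACCEPT"
    # ftp control (21) and telnet (23) only from the listed hosts.
    for host in $TRUSTED; do
        for port in 21 23; do
            echo "ipchains -A input -i $EXT_IF -p tcp -s $host -d $EXT_IP $port -j ACCEPT"
        done
        # Active-mode ftp data: the server connects out from port 20, so only
        # the non-SYN replies need to come back in to that port.
        echo "ipchains -A input -i $EXT_IF -p tcp ! -y -s $host -d $EXT_IP 20 -j ACCEPT"
    done
    # ipchains keeps no connection state: replies to outgoing TCP connections
    # are admitted as non-SYN packets to unprivileged ports.
    echo "ipchains -A input -i $EXT_IF -p tcp ! -y -d $EXT_IP $UNPRIV -j ACCEPT"
    # UDP has no SYN flag, so DNS replies are matched by source address and port.
    echo "ipchains -A input -i $EXT_IF -p udp -s $DNS 53 -d $EXT_IP $UNPRIV -j ACCEPT"
    # NAT for the internal network (in the forward chain -i is the outgoing side).
    echo "ipchains -A forward -i $EXT_IF -s $INT_NET -j MASQ"
    # Log whatever falls through before the DENY policy drops it.
    echo "ipchains -A input -i $EXT_IF -j DENY -l"
}

gen_rules
```

Passive-mode ftp and ICMP are left out of this rule set and would need their own rules.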


Post by Bit Twist » Mon, 19 Jun 2000 04:00:00


This built me a tight ipchains firewall rule set
   http://linux-firewall-tools.com/linux/firewall/index.html
I used DENY, hardcoded external addresses, logged everything.

As part of the instruction and if you read the script, it will
give suggestions as to where you install the firewall.

And you might want to read http://www.enteract.com/~lspitz/linux.html
and                        http://www.securityportal.com/lskb/articles/
and                        http://www.securityportal.com/lasg/


>I'm looking for an ipchains script creation utility for our Redhat
>Linux 6.1 server.  I've been playing with 'mason', 'pmfirewall' and
>'kfirewall'.  Anyone have any preferences or other recommendations?

>Our setup is quite simple.  Our firewall performs NAT for all internal
>addresses.  We have a dedicated IP with our ISP.  We receive SMTP
>through on this machine in addition to telnet and ftp for specific
>IPs.  Other than that we want any incoming requests rejected but all
>outgoing requests approved.

--
The warranty and liability expired as you read the message.
If the above breaks your system, it's yours and you keep both pieces.
Practice safe computing. Backup the file before you change it.
Do a,  man every_command_here, before doing anything or running a script.


Post by Chad M. Stewar » Mon, 19 Jun 2000 04:00:00



>Date: Sun, 18 Jun 2000 14:54:34 -0400

>Newsgroups: comp.os.linux.networking
>Subject: ipchains script creation utilities: any recommendations?

>I'm looking for an ipchains script creation utility for our Redhat
>Linux 6.1 server.  I've been playing with 'mason', 'pmfirewall' and
>'kfirewall'.  Anyone have any preferences or other recommendations?

You might find my site, http://packetfilter.dynip.com useful.  Answer a few
basic questions and a custom script will be created for you.  The default
policy is DENY.  Not all outgoing requests are allowed as I do not think that
to be a good policy.  

>Our setup is quite simple.  Our firewall performs NAT for all internal
>addresses.  We have a dedicated IP with our ISP.  We receive SMTP
>through on this machine in addition to telnet and ftp for specific
>IPs.  Other than that we want any incoming requests rejected but all
>outgoing requests approved.

>If it makes any difference, we are also using squid for a proxy cache
>and to limit outside access to some departments.

I don't understand your policy, but technically my site should help you out.

Regards,
Chad

>Any suggestions?

>Thanks in advance.

>-----------------------------------------------

>MAXIMUS                     http://www.maximus.com
>-----------------------------------------------

                                                 _\|/_
                                                 (o o)
----------------------------------------------oOO-(_)-OOo------    

Packet filtering for Linux
http://www.packetfilter.dynip.com/

"...Unix, MS-DOS, and Windows NT (also known as the Good,
the Bad, and the Ugly)."  (By Matt Welsh)

---------------------------------------------------------------


Post by Rick Matthe » Tue, 20 Jun 2000 04:00:00



>This built me a tight ipchains firewall rule set
>   http://linux-firewall-tools.com/linux/firewall/index.html

I'll second that recommendation!