debian-etch gateway
R. Wood
rw at ncf.ca
Sun Aug 3 14:28:53 UTC 2008
Allegedly, on Sun, Aug 03, 2008 at 08:40:26AM -0300, Tom Daly stated:
> I run a debian-etch gateway for my house network (K/Xubuntu/XP
> mixture), and want to crank down security a tad. If anyone has any
> comments/suggestions on this article
> <http://www.debian-administration.org/articles/23>
> I'd appreciate hearing from you
Hi,
You may need to supplement the article above with other
HOWTOs/tutorials/articles. I notice, for example, that it doesn't
mention configuring /etc/network/interfaces at all.
The other thing I don't recommend (and this is just my opinion, based on
my own experience) is trying to cook up homemade firewall scripts. This
topic is complicated enough, and there are a lot of subtle details that
create opportunities for security issues. If "security" is a concern,
and it should be, I say leave firewalls to the professionals: find a
good 'firewall script' that allows you to specify what you want at a
higher level, and then the script will crank out the proper set of
iptables rules. Two examples of firewall scripts are:
- shorewall (no GUI, just edit some text files according to the
  excellent documentation).
- firehol (same, no GUI).
The firewall needs to be set up carefully, methodically, and with
attention to detail. Once it is in place it will handle the
ipmasq/NAT/port forwarding (different people use different terms)
automatically.
HTH,
Raymond
--
"Be Nice, or Leave - By Order of the Management"
(Sign above door, Black Sheep Inn, Wakefield)
GPG Fingerprint: 2E4D 8605 DD48 E80F F893 1C02 B65D 86D9 3B3C 0E03
Encrypted Email Preferred | War is BIG Business: Enough Excuses, Peace Now!
Bush-whacked 2004! Try to relax and enjoy the Chaos :-) | Free Tibet