building a firewall

Gerald Combs gerald at ethereal.com
Sat Jul 27 15:03:29 CDT 2002


On Sat, 27 Jul 2002, Marvin [GodfatherofSoul] Bellamy wrote:

> I know this is a LUG, but use OpenBSD for your firewall, especially if 
> you're a beginner.  OpenBSD is designed from the ground up to be a 
> secure distro and installation is easy if you're not worried about X. 
>  Plus, since so many residential networkers use it there's a ton of 
> documentation out there to get you going.

OpenBSD's firewall rules are a lot easier to read and write (for me, at
least).  I can grok a file full of

  pass in quick on $outside proto tcp from any to any port = www

a lot faster than a file full of

  iptables -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed

particularly when it's been 6 months since I looked at my firewall's
configuration file, and a year since I looked at the documentation.

> Kurt Kessler wrote:
> 
> >Ok, one other thing I thought about asking but then
> >hesitated a bit...
> >
> >I know this is like asking "which distro is best?",
> >but, I have Mandrake Secure Network Firewall, it says
> >it's a firewall and includes all the NIDS stuff also.
> >OR, I have a rather nice tutorial on building my own
> >NIDS with Red Hat 7.3, mySQL and php. Are there any
> >other preconfigured ones out there. I was thinking
> >that I might learn a bit more by learning what it
> >is/does, and THEN building my own from scratch. I'm
> >sure the Mandrake is quite a simple install, just
> >wanted to check on other's suggestions for others.
> >Thanks
> >
> >--- chuckx <chuckx at cold-sun.com> wrote:
> >
> >>On Fri, Jul 26, 2002 at 05:37:17PM -0700, Kurt
> >>Kessler wrote:
> >>
> >>>Is a 75mhz box w/ 72mb suitable for a firewall?
> >>>
> >>That's more than enough power for a firewall.  It
> >>doesn't take much
> >>processing power to filter a residential internet
> >>connection, be it
> >>broadband or dial-up.
> >>
> >>Good luck.
> >>
> >>-- 
> >>- chuckx | Charles K. Lee II -
> >>- http://www.cold-sun.com -
> >>--



