Firewalls

Jonathan Hutchins hutchins at tarcanfel.org
Mon Aug 11 14:56:25 CDT 2003


Since the discussion on Firewalls has come around again, I have to recommend 
the works of David Ranch, both in the IP Masquerade HOWTO, and in the 
expanded version of this, the TrinityOS documentation and scripts, found at 
http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html

The former will get you through setting up a basic firewall from any main 
distribution, and is regularly updated (7/9/03).  I've found that the 
configuration rarely needs updating, as it's secure by default.  If you want 
to do something new, like Voice-over-IP, you have to enable it.

The TrinityOS documents themselves include scripts that will do most of the 
configuration for you with a few minor customisations (hostname, IP 
addresses, things like that).  They are a much more thorough exploration of 
placing a secure server on the internet and implementing a protected private 
network behind it.  They discuss a lot of aspects of security and 
configuration, and are a very helpful guide for anyone setting up a system.

I haven't done everything according to the Trinity scripts, having come upon 
them after I'd started building hardened servers, but they are an excellent 
reference and I believe that they would be a great starting place for someone 
new to Linux who wanted to build a firewall.

These scripts assume that if you're building a system that's meant to be a 
server and/or firewall you do NOT need to install any GUI on the system.  
They work entirely in text mode with the standard configuration files.

I haven't worked with any of the packaged firewalls aside from one (quickly 
wiped) installation of Mandrake's MNF, but I would highly recommend that 
anyone considering a Linux firewall read David's work first before they 
decide on how to proceed.  They will work fine on a P120 with a 1.2G disk.  
I've run with 16M but would recommend 32.

http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html



