[Gllug] Firewall setup Routing

Russell Howe rhowe at wiss.co.uk
Wed Jul 7 01:11:15 UTC 2004

On Tue, Jul 06, 2004 at 04:22:09PM +0100, Simon Perry wrote:
> Hi,
> I would like suggestions of a firewall package to handle the following 
> or an idea of the complexity of rolling my own.

Pretty basic routing - you won't even need any of the stuff which is
documented on lartc.org, although you might want to use the ip command
to do things anyway (it's nice).

The firewalling is always a contentious point - I'd say try out a few
firewall scripts, look at what they do and try and understand why they
are doing what they do, wipe the ruleset, sit down with the netfilter
and iptables docs and try to produce something yourself. You'll learn a
lot and be in a much better position to debug things.

Then try fwbuilder. My boss swears by it. I swear at it, since it's
written using Qt, but apparently it's quite good, and can produce
rulesets for iptables and some BSD firewall.

Always check rules produced by automated tools by hand, of course.

Then, once a ruleset is in place, test it as thoroughly as you can from
outside and in.

-j LOG (iptables) and tcpdump are invaluable, as are things like nmap
and the various tools which exist to generate arbitrary packets.

Russell Howe       | Why be just another cog in the machine,
rhowe at siksai.co.uk | when you can be the spanner in the works?
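As an added example that is not part of the post above: a small Python parser for the syslog lines that iptables `-j LOG` rules produce, so that probes sent from outside with nmap can be matched against what the ruleset actually logged and dropped. The sample log lines, hostnames, addresses, MACs and the `--log-prefix` values FW-IN-DROP and FW-FWD-DROP are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog excerpt (hosts, addresses, MACs made up). The kernel
# lines are what rules like  iptables -A INPUT -j LOG --log-prefix "FW-IN-DROP: "
# write immediately before the matching -j DROP rule discards the packet.
SAMPLE_LOG = """\
Jul  7 01:05:12 gw kernel: FW-IN-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4123 DF PROTO=TCP SPT=40321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul  7 01:05:12 gw kernel: FW-IN-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4124 DF PROTO=TCP SPT=40322 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jul  7 01:05:13 gw kernel: FW-IN-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=28 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=55100 DPT=161 LEN=8
Jul  7 01:05:14 gw kernel: FW-FWD-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=9 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
Jul  7 01:05:15 gw sshd[1234]: Accepted publickey for admin from 192.168.1.10 port 51234 ssh2
"""

# Everything after "kernel: " (and an optional [uptime] stamp on newer kernels)
# up to the first "IN=" token is the --log-prefix; the rest is KEY=VALUE fields.
KERNEL_RE = re.compile(r"kernel:\s*(?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?)\s*(?P<fields>IN=.*)$")

def parse_log_line(line):
    """Return a dict of fields for one LOG line, or None for unrelated syslog lines."""
    m = KERNEL_RE.search(line)
    if not m:
        return None
    rec = {"PREFIX": m.group("prefix").rstrip(": ") or None, "FLAGS": set()}
    for tok in m.group("fields").split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["FLAGS"].add(tok)     # bare tokens: DF, MF, SYN, ACK, FIN, ...
        else:
            rec.setdefault(key, val)  # keep the first: IP LEN/ID, not the UDP LEN or ICMP ID
    return rec

def summarize(text):
    """Count logged packets per (prefix, source, protocol, destination port or ICMP type)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec is not None:
            counts[(rec["PREFIX"], rec.get("SRC"), rec.get("PROTO"),
                    rec.get("DPT", rec.get("TYPE")))] += 1
    return counts

def top_sources(text, n=3):
    """Sources that hit LOG rules most often, e.g. the box you are scanning from."""
    by_src = Counter()
    for (_prefix, src, _proto, _port), count in summarize(text).items():
        by_src[src] += count
    return by_src.most_common(n)
```

Feed it `grep kernel: /var/log/messages` (or wherever your syslog sends kern.* messages) while running the scan, and compare the per-port counts against what the scanner reported as filtered.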
