[Klug-general] Ideas, Offerings & Questions
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
Mon Jan 29 10:33:02 GMT 2007
Quoting Karl Lattimer <karl at qdh.org.uk>:
>
>
>> > But now I have a Debian server running (providing HTTP, SSH and FTP to
>> > the world.. not user name and password is needed for SSH and FTP) I'm
>> > assuming that I need some kind of software firewall on this box for
>> > safety and (also just for education) What would people recommend? I
>> > looked into firestarter but that requires GUI which I don't have/want
>> > on this box.
>> > Any ideas/recommendations?
>>
>> IPTables == excellent!
>>
>> Seriously, have a look at IP Tables. I'd set them up from the
>> physical console of the machine, that way when you start your ruleset
>> with
>
>
>
> NEVER, EVER, EVER type iptable rules in to a command line, you write a
> script and run it, test it, then adapt it. This is essentially what
> firestarter does.
>
> It is a good gui but doesn't cover some of the more advanced options in
> iptables.
>
> I would recommend you setup X11 ssh forwarding to another unix box, and
> run the firestarter GUI.
I've been advised in the past not to use a GUI as they can sometimes
configure stuff automatically that may not be needed, leaving the host
vulnerable.
Good idea about the script though, hadn't thought of that.
Cheers,
Matt
--
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
"Sed quis custodiet ipsos custodies?"
More information about the Kent
mailing list