[Sderby] Auto generating firewall rules, is this possible?

Paul Grosse paul-grosse at ntlworld.com
Wed May 12 07:31:29 BST 2004


> >>>Anyone know of any way to put iptables (or some other software) into learn
> >>>mode to automatically generate firewall rules in Linux. I don't want to
> >>>have to trawl through masses of logs initially.
> >>>
> >>>Are there any hardware firewall appliances that will also do the above?

I use a SonicWALL which is very easy to configure. By default, it allows all
connections that originate on the LAN and denies all connections that
originate on the WAN (Internet). I have mine configured to allow port 80
through to a specific IP address on the LAN and also to perform
masquerading.

It is a third generation firewall (SMLI) so it is in effect a fancy packet
filter. If you want a second generation f/w (application level proxy) then
you need to use something else but third generation is secure enough for
most uses.

As far as monitoring the traffic you could either use the logging on the
SonicWALL set to network debug or use Ethereal or similar.

> <thought>
> Is the light at the end of the tunnel an oncoming train?
> </thought>

No, no, no. It's an accountant, bending over, tying his shoe laces.

Paul Grosse
==============================================================

If humans taste so nice, why aren't we supposed to eat them?

==============================================================
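
Added example, not part of the original post: one way to approximate the "learn mode" asked about, by summarising iptables LOG lines into candidate FORWARD rules for a person to review before applying. The log prefix "FW-LEARN: ", the interface names eth0/eth1, the min_hits threshold and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

PREFIX = "FW-LEARN: "  # assumed --log-prefix on a hypothetical LOG rule
# Constructed sample: forwarded LAN (eth1) -> WAN (eth0) traffic as the
# iptables LOG target writes it to syslog, plus one unrelated line.
SAMPLE_LOG = """\
May 12 07:01:02 gw kernel: FW-LEARN: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TTL=63 ID=1 DF PROTO=TCP SPT=40001 DPT=80 SYN URGP=0
May 12 07:01:09 gw kernel: FW-LEARN: IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=203.0.113.5 LEN=60 TTL=63 ID=2 DF PROTO=TCP SPT=40002 DPT=80 SYN URGP=0
May 12 07:02:30 gw kernel: FW-LEARN: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 TTL=63 ID=3 DF PROTO=TCP SPT=40003 DPT=80 SYN URGP=0
May 12 07:02:31 gw kernel: FW-LEARN: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.53 LEN=71 TTL=63 ID=4 PROTO=UDP SPT=33000 DPT=53 LEN=51
May 12 07:02:40 gw kernel: FW-LEARN: IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=198.51.100.53 LEN=71 TTL=63 ID=5 PROTO=UDP SPT=33001 DPT=53 LEN=51
May 12 07:03:00 gw kernel: FW-LEARN: IN=eth1 OUT=eth0 SRC=192.168.1.12 DST=192.0.2.9 LEN=60 TTL=63 ID=6 DF PROTO=TCP SPT=40004 DPT=6667 SYN URGP=0
May 12 07:03:05 gw kernel: FW-LEARN: IN=eth1 OUT=eth0 SRC=192.168.1.12 DST=192.0.2.9 LEN=84 TTL=63 ID=7 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
May 12 07:03:06 gw cron[411]: (root) CMD (run-parts /etc/cron.hourly)
"""
FIELD = re.compile(r"(\w+)=(\S*)")
IFACE = re.compile(r"^[\w.-]+$")  # only plain interface names reach a rule

def parse_line(line):
    """Return the KEY=VALUE fields of one forwarded TCP/UDP LOG line, else None."""
    if PREFIX not in line:
        return None
    f = dict(FIELD.findall(line.split(PREFIX, 1)[1]))
    ok = (f.get("PROTO") in ("TCP", "UDP") and f.get("DPT", "").isdigit()
          and IFACE.match(f.get("IN", "")) and IFACE.match(f.get("OUT", "")))
    return f if ok else None

def summarise(log_text):
    """Count logged packets by (in-if, out-if, protocol, destination port)."""
    flows = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f:
            flows[(f["IN"], f["OUT"], f["PROTO"].lower(), int(f["DPT"]))] += 1
    return flows

def candidate_rules(flows, min_hits=2):
    """Emit a FORWARD rule for each flow seen at least min_hits times."""
    return [
        f"iptables -A FORWARD -i {iif} -o {oif} -p {proto} --dport {dpt} "
        f"-m state --state NEW -j ACCEPT  # seen {hits}x"
        for (iif, oif, proto, dpt), hits in sorted(flows.items())
        if hits >= min_hits
    ]

if __name__ == "__main__":
    print("\n".join(candidate_rules(summarise(SAMPLE_LOG))))
```

One-off flows (port 6667 in the sample) fall below the threshold and are left out, so they still have to be judged by hand from the log.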



