[Sderby] Auto generating firewall rules, is this possible?

Ashley Heath ashley.heath at bigfoot.com
Fri May 14 22:16:27 BST 2004


Thanks for all your input, a lot of useful suggestions but not exactly the info I needed, but that's probably because I didn't phrase the question too well.

In normal circumstances when I am setting up a firewall I am quite happy to generate rules manually or use something like fwbuilder.

What I was actually looking for in this instance was something to do some of the leg work for me, basically mapping the network in its raw form and generating allow rules for everything that passed through the firewall from the LAN to the WAN and vice versa. These rules could then be scrutinised and everything but the essential services could then be removed and everything else denied. Am I asking too much here? Talking nonsense? (Hmm, very likely, please don't answer that)

Maybe I have been looking at this from the wrong angle. Would it be better to use some form of network analysis tool to map traffic between the LAN and WAN instead? Can anyone suggest any Linux tools that can map a network accurately and output in an easy-to-read format so that I can use this as a basis to generate the rules?

How do other people do this?

Any other suggestions welcome

Cheers
Ash 
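
The workflow asked about above (observe what crosses the firewall, turn it into allow rules, prune by hand, deny the rest), sketched as an added example that is not part of the original post. It assumes new forwarded connections are logged by a temporary iptables LOG rule; the "FWD-NEW" prefix, the eth0 (LAN) and eth1 (WAN) interface names and the sample log lines are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of netfilter LOG lines. Assumes a temporary rule such as:
#   iptables -I FORWARD -m state --state NEW -j LOG --log-prefix "FWD-NEW "
# and that eth0 is the LAN side and eth1 the WAN side (both assumptions).
SAMPLE_LOG = """\
May 14 21:00:01 fw kernel: FWD-NEW IN=eth0 OUT=eth1 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=40112 DPT=80 SYN
May 14 21:00:02 fw kernel: FWD-NEW IN=eth0 OUT=eth1 SRC=192.168.1.11 DST=203.0.113.9 PROTO=TCP SPT=40200 DPT=80 SYN
May 14 21:00:03 fw kernel: FWD-NEW IN=eth0 OUT=eth1 SRC=192.168.1.10 DST=198.51.100.53 PROTO=UDP SPT=1030 DPT=53
May 14 21:00:04 fw kernel: FWD-NEW IN=eth0 OUT=eth1 SRC=192.168.1.12 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
May 14 21:00:05 fw kernel: FWD-NEW IN=eth1 OUT=eth0 SRC=198.51.100.20 DST=192.168.1.2 PROTO=TCP SPT=2001 DPT=25 SYN
May 14 21:00:06 fw sshd[411]: unrelated line that must be ignored
"""
PREFIX = "FWD-NEW"
FIELD = re.compile(r"(\w+)=(\S*)")
SAFE = re.compile(r"[A-Za-z0-9_.+-]+$")  # refuse anything that is not a plain token

def parse_line(line):
    """Return (in_if, out_if, proto, dport) for a forwarded-packet line, else None."""
    if PREFIX not in line:
        return None
    f = {}
    for key, value in FIELD.findall(line):
        f.setdefault(key, value)          # first occurrence wins (outer header)
    flow = (f.get("IN", ""), f.get("OUT", ""), f.get("PROTO", "").lower())
    dport = f.get("DPT")                  # absent for ICMP
    if not all(SAFE.match(x) for x in flow):
        return None
    if dport and not re.fullmatch(r"[0-9]{1,5}", dport):
        return None
    return flow + (dport,)

def candidate_rules(log_text):
    """Aggregate flows into [(hits, rule)], most frequently seen first."""
    flows = Counter(filter(None, map(parse_line, log_text.splitlines())))
    rules = []
    for (in_if, out_if, proto, dport), hits in flows.most_common():
        rule = f"iptables -A FORWARD -i {in_if} -o {out_if} -p {proto}"
        if dport:
            rule += f" --dport {dport}"
        rules.append((hits, rule + " -m state --state NEW -j ACCEPT"))
    return rules

def render(log_text):
    """Draft ruleset for human review: replies, observed flows, then default deny."""
    out = ["iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"]
    out += [f"{rule}  # seen {hits}x" for hits, rule in candidate_rules(log_text)]
    return "\n".join(out + ["iptables -P FORWARD DROP"])

if __name__ == "__main__":
    print(render(SAMPLE_LOG))
```

The output is a draft to prune, not a policy: anything unwanted that was already talking during the capture window shows up as an allow rule too, so each line needs a reason to stay before the default-deny policy goes live.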



