Setting up a Linux Firewall
20 years 1 month ago #2995
by Cheetah
Kind Regards,
<b>Cheetah</b>
<i>The outcome of devotion is, quality!</i>
Replied by Cheetah on topic Re: Setting up a Linux Firewall
Hi
Just my 0.02 cents.
1. When using a dedicated firewall, building your own, I would suggest recompiling is a must. I dont want my machine to run with the default "all-rounder" kernel.
2. Some one not interested in recompiling and stripping down, I would recommend using "Coyote" or "Devil-Linux". Now l cannot appreciate if some one says it takes time to set up a Linux Firewall, with such nice tools as above. "Devil-Linux" has almost everything you need on a gateway, and is still safe. Let the intruder write on my ramdisk, or let him try writing on my cdrom or write-protected floppy.
3. It's true that with every major release; to get the kernel up & running great for the first time, takes time. For me it took more than 100 hrs, and still experimenting a lot now.
4. Drop is the best. But it depends on which scenario, your firewall works on.
5. With great tools available for making your life easier for configuring firewalls now, I would not spend "man hours" into scripts or command line. This way it's less prone to human error, and I would only see the rules & scripts if something is not really working the way I need.
6. I appreciate using exclusive machines for its dedicated purpose, but this is always not practical in home/soho environments. It works for corporates. So in my home network, I may have other services running on my firewall box itself.
Regards
-Cheetah
Just my 0.02 cents.
1. When using a dedicated firewall, building your own, I would suggest recompiling is a must. I dont want my machine to run with the default "all-rounder" kernel.
2. Some one not interested in recompiling and stripping down, I would recommend using "Coyote" or "Devil-Linux". Now l cannot appreciate if some one says it takes time to set up a Linux Firewall, with such nice tools as above. "Devil-Linux" has almost everything you need on a gateway, and is still safe. Let the intruder write on my ramdisk, or let him try writing on my cdrom or write-protected floppy.
3. It's true that with every major release; to get the kernel up & running great for the first time, takes time. For me it took more than 100 hrs, and still experimenting a lot now.
4. Drop is the best. But it depends on which scenario, your firewall works on.
5. With great tools available for making your life easier for configuring firewalls now, I would not spend "man hours" into scripts or command line. This way it's less prone to human error, and I would only see the rules & scripts if something is not really working the way I need.
6. I appreciate using exclusive machines for its dedicated purpose, but this is always not practical in home/soho environments. It works for corporates. So in my home network, I may have other services running on my firewall box itself.
Regards
-Cheetah
Kind Regards,
<b>Cheetah</b>
<i>The outcome of devotion is, quality!</i>
Time to create page: 0.144 seconds