February 5th, 2003, 08:14 PM
I've been using Red Hat for a short time and have just gotten it working the way I want. And now that all that hard effort is done (for now) I'd be very pissed if something happened. Note, I am backing up my system. That aside, my question is: is the default Red Hat firewall good/good enough, or should I just spend a few days reading up on ipchains/iptables and making my own? And one more quick one: I've been reading up on Snort and it seems pretty good, as well as Tripwire. If I ran both at once would that be better, or would one just cancel the other out? Thanks in advance for _any_ input.
February 5th, 2003, 08:25 PM
Definitely. What kind of connection do you have? If it's a cable modem you should really look into iptables for its advanced packet filtering. And doesn't the default firewall leave SMTP open? And by default SMTP boots at startup.
spend a few days reading up on ipchains/iptables
To turn this off, switch to root by using the su command and then run /etc/init.d/sendmail stop to stop the sendmail daemon (that is, only if you want to stop it).
Nope, I shouldn't think so. You sound paranoid, but heh, it's your configuration. The best thing to do is play about with a lot of different IDS and firewall rules until you get the best policy that suits you. And remember, if you are running any services, keep an eye on the product vendor's website for updates and patches, and subscribe to mailing lists like Bugtraq.
I've been reading up on Snort and it seems pretty good, as well as Tripwire. If I ran both at once would that be better, or would one just cancel the other out?
By the sacred **** of the sacred psychedelic Tibetan yeti .... We'll smoke the Chinese out
The 20th century pharaohs have the slaves demanding work
February 5th, 2003, 08:27 PM
Sufficient is relational to use. You may want to be a little more specific. Let's say something like:
I want to use the RH8 firewall for Internet access at my home.
Should this be the case, then yes, it makes a fine choice. I personally use a hardware solution but there is nothing wrong with using the bundled FW in RH8.0 for home application.
If you are unfamiliar with IPtables and Chains then you run the risk of making a mistake which may result in a security hole. I'd practice in a non production environment and see just how it responds to different types of traffic.
Snort and Tripwire have different core purposes. You may also want to look at Netcat. It sounds like you have use for that. Just throw Netcat into a Google search. You can use it to bang against your firewall once you have it set up.
Hope this helps.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
February 6th, 2003, 02:44 AM
Iptables is a great firewall. It just takes some reading to get used to it. I've seen several iptables tutorials, both here and on the internet at large. You can actually create a very basic firewall with only one line:
iptables -A INPUT -j REJECT -m state --state NEW
This rule will reject all incoming packets that aren't part of an outbound connection that you initiated. The only quirks you may have will be with active FTP, though no one really likes that much these days anyway.
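The one-line rule above, expanded into a full ruleset, as an added example that is not part of the original posts. It goes beyond the one-liner by allowing loopback, accepting ESTABLISHED,RELATED explicitly and setting a default-drop policy. The function name `emit_ruleset`, the `check`/`apply` arguments and the port list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). emit_ruleset and its port arguments
# are hypothetical names chosen for this illustration.

# emit_ruleset [tcp-port ...]
# Prints an iptables-restore ruleset; each argument is an inbound TCP port
# to open (for example 25 if you really do want to receive SMTP).
emit_ruleset() {
    echo '*filter'
    # Default-deny inbound and forwarded traffic; outbound stays open.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Local processes talking over loopback would otherwise match NEW.
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host initiated, plus RELATED flows
    # (ICMP errors, and active-FTP data channels when the FTP conntrack
    # helper module is loaded).
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "invalid port: $port" >&2
            return 1
        fi
        echo "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Any other NEW connection attempt is rejected, as in the one-liner.
    echo '-A INPUT -m state --state NEW -j REJECT'
    echo 'COMMIT'
}

# "check" only parses the ruleset; "apply" loads it. Both need root.
case "${1:-}" in
    check|apply)
        mode=$1; shift
        # Build the whole ruleset first so a bad port aborts before loading.
        rules=$(emit_ruleset "$@") || exit 1
        if [ "$mode" = check ]; then
            printf '%s\n' "$rules" | iptables-restore --test
        else
            printf '%s\n' "$rules" | iptables-restore
        fi ;;
esac
```

Loading the output with `iptables-restore` replaces the existing filter table, so run the `check` mode first and test from a second machine before relying on it.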