Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Linux Security/firewall

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    193

    Linux Security/firewall

    I run Mandrake 7.2 and I have no idea how to go about setting up a secure firewall. Are there any firewalls available for download or any tutorials on going about securing my box? Any help would be greatly appreciated. Thanx.
    [shadow]Prepare ship for ludicrous speed![/shadow]

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    752
    I have asked that same question before, and was pointed in the direction of Bastille. It seems to have worked fine for me so far. The only difference is I wanted to lock down a Red Hat box. I believe it works for Mandrake too, though.

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    193
    Thanx for the info. I just looked over a CD that I have that came with a *nix security book and it has that firewall as well as a few other utilities. I will install it for sure. Thanx again.
    [shadow]Prepare ship for ludicrous speed![/shadow]

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    119
    a lot of good links for the basic knowledge about firewalls

    http://www.infosyssec.com/infosyssec/firew1.htm
    http://www.linux.com/howto/Firewall-HOWTO.html

  5. #5
    Senior Member bAgZ's Avatar
    Join Date
    Jul 2001
    Posts
    206
    I have mandrake 8.0 and as i can recall there is a firewall that comes with it. It is fairly simple to put it on if you just go into mandrake contol center and under security you have a tab to configure firewall ... I am not sure but i think it was tiny firewall that comes on cd's. Anyway i have no idea about mandrake 7.2 i assume you can download one.

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    I use Mandrake 7.1, and in my Linuxconf > Security dialog I've got a Network Something-or-others section which allows me to configure routers and an ipchains based basic firewall.
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  7. #7
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164

    Post

    For firewall information, it's a good idea to get to know what the wondrous 'ipchains' can do for you. Standard installations (RH and other RPM based linuxes) have it by default and it can definitely either A: make your system secure on a rule-based system or B: totally lock you inside with no way out (nooooo!)!

    Seriously, ipchains, for me, has been a lesson in how ports and protocols work (tcp/udp) for local intranets and internet access.
    It does just about everything you can think of from masquerading, filtering, denial, rule-based permission, etc...

    In coordinance with ssh (public/private key exchange and 'trusted hosts/users'), you can make a box pretty f'ing secure.

    http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
    http://www.openssh.org
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  8. #8
    A great site about firewalls (all sorts) www.firewalls.com

    Or if you want to easily setup a machine as a firewall then try smoothwall.

  9. #9
    Member
    Join Date
    Oct 2001
    Posts
    88
    If you are comfortable with rebuilding your kernel, or willing to dive in with some reading on doing it. I would suggest getting getting the latest kernel sources (2.4.16 and *not* 2.5.0) from http://www.kernel.org. Then get the grsecurity patch from http://www.grsecurity.net, it has the following features that together with a properly configured firewall like iptables will give you some pretty great security.

    <snip from grsecurity>

    OpenWall Non-executable Stack
    CONFIG_GRKERNSEC_STACK
    If you say Y here, your system will not allow execution of code on the stack, making buffer overflow exploitation more difficult.

    Gcc trampoline support
    CONFIG_GRKERNSEC_STACK_GCC
    If you say Y here, the system will support trampoline code along with the stack protection. If you do not have any programs on your system that require this (glibc 2.0 users must say YES to this option) you may say no here.


    There is a long list of others, I recommend at least checking it out.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Ummm, to my knowledge, every 2.4 Kernel-based linux distribution includes netfilter, does it not?

    Netfilter is a stateful packet filtering firewall, and you can access it via iptables or ipchains. If you're willing to learn, you can do quite a lot with it.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •