DSL Tips and Tricks :: DSL as router
I have been using the rc.firewall.dsl, but how secure is it really? I am using it because I want a firewall and it was available as an extension. I dont really know much about how or why it works, therefore I really like the idea of a howto/walkthrough.
the rc.firewall script creates a very powerful "stateful" firewall...which means everything is allowed out from the inside, but everything from outside unless the traffic was "created" from the inside is blocked
A good place to start would be the source Linux Firewall and Linux Firewall :: Configuration
Look at the resources section..there are alot of helpful links there...
In its default for the rc.firewall is more than enuff to protect any "stand alone" machine..but tweaking it further for internet sharing and port forwarding and stuff like that will take some reading, however Im absolutely positive with a bit of knowledge and some minor tweaking you could make dsl a very powerful and secure router (1st by taking away sudo and tightening other things down)
Plus by adding other simple mydsl apps such as snort (intrusion detection), squid (browser cache), and other nice firewall tools, DSL could be ready!
Anyone want to work with me to take this a step further?!?
Brian
AwPhuch
Thanks for the info. I will check out the links and the other apps you mentioned.
FYI
I helped a guy here in Houston at the HAL - PC group put rc.firewall on his webserver box (he was running an older version of Mandrake and wanted to make sure he was secure), we opened the standard web port for his webserver, ftp, SSH, and Samba share...
We even ran rkhunter to ensure he didnt have a linux trojan on there...all clean!!
rc.firewall is a very very powerful and smart script and with tweaking can be even more powerful..just be careful what you open, but on say a laptop or single desktop even the unmodified "stateful firewall" will protect you quite well!
Think of it as sygate personal firewall on steriods, but for (linux)!
Brian
AwPhuch
Very cool, that makes me feel a bit more confident until I can learn more about it.
Next Page...
original here.