[lug] a few questions
Nate Duehr
nate at natetech.com
Thu Sep 21 00:07:41 MDT 2000
Isn't suggesting BSD on a LUG mailing list blasphemous? :)
Just kidding...
If you do end up using Linux for a firewall a couple of recommendations:
1. Consider using a floppy-based distribution specifically made to
become a firewall. These seem relatively secure, although finding out
if the versions of the various software pieces installed are up-to-date
and don't have any published exploits can be time-consuming.
http://www.coyotelinux.com/
http://www.zelow.no/floppyfw/
http://www.xtdnet.nl/linux-router/
http://www.smoothwall.org/
These are just some links to various floppy-based distros, some good,
some not so good... I just copied them from an old bookmark file I had
for a floppy and/or CDROM-based app that was a tiny little server...
There are 60 (total) of them listed at this link:
http://www.linuxlinks.com/Distributions/Mini_Distributions/
This one is Debian-based and boots from CD-ROM:
http://gibraltar.vianova.at/
There's lots more of these out there...
2. If you're serious about securing RedHat boxes specifically, look into
running the Bastille scripts against them. It's not perfect, but it's a
lot better start than RH comes out of the box.
http://www.bastille-linux.org/
"Michael J. Pedersen" wrote:
> Which firewall? Now you've opened a can of worms :) Best recommendation: go
> with an OpenBSD box for your firewall. It's secure out of the box, and you can
> open up services as you need them. If you really wanna do a Linux box, well...
> Good luck. Securing a Linux box is NOT easy to do, especially the way most
> distributions come. But it can be done.
>
> As for FAQs, I'd go to www.linuxlookup.com, and read the HOWTOs there.
> Specifically, the IPChains, IPMasquerade, EtherNet... Those should be a good
> start. Lots of reading there, though.
>
> --
> Michael J. Pedersen
> My GnuPG KeyID: 4E724A60 My Public Key Available At: wwwkeys.pgp.net
> My GnuPG Key Fingerprint: C31C 7E90 5992 9E5E 9A02 233D D8DD 985E 4E72 4A60
> GnuPG available at http://www.gnupg.org
--
+-----------------------------------+--------------------------------+
| Nate Duehr - nate at natetech.com | Support Amateur Radio & Linux! |
| Private Pilot, Telephony Engineer | Ham Callsign: N0NTZ |
| UNIX Hack, Perl Hack, Tech-Freak | Grid Square: DM79 |
+-----------------------------------+--------------------------------+