Joe Laudadio on Mon, 1 May 2000 11:44:03 -0400 (EDT)
On Mon, 1 May 2000 DrexelDG@aol.com wrote:

> I got a few questions...
>
> Who uses them?

Anyone who is interested in making their systems just a little bit more secure from the threats that come with having a system connected to the Internet. That is, anyone from the big multinational corporations all the way on down to the guy with a little network at home.

> What kind do you use? Is there a commercial version that is better than a free one?

I use the built-in firewall features of the Linux kernel. As of kernel 2.3, that's netfilter. For 2.2 kernels, it would be ipchains. Prior to 2.2 kernels it would be ipfwadm. As for commercial versions that are better, I guess it all depends on your needs. CheckPoint is one commercial firewall package that is available for Linux now, I believe.

>
> A HOWTO file to config them?

Why certainly! The ipchains-HOWTO is available at your favorite HOWTO site; you might have it on your box already. Have a look in /usr/doc/HOWTO

>
> Any additional information that I need to know?

There are different methods of firewalling. The most basic (and the type present in the Linux kernel) is called packet filtering. Basically, this looks at all IP packets and, based on rules, allows or denies their passage through (you can do other things too, like forward them somewhere else). The disadvantage of simple packet filtering is that your packet filtering firewall will not know anything about the contents of your data. All it is concerned about are things like where this packet originated from, where it wants to go, what port it came from, what port it wants to go to, etc. It doesn't care whether this packet is part of an ongoing http conversation or whether this packet contains information about X protocol. If you find that you need to be able to distinguish between packets carrying different kinds of data, then you might need a context-based firewall.

To my knowledge, there aren't any free packages out there to do context-based firewalling. You might need to look into a commercial solution. However, for most cases a packet filtering firewall will get the job done. And because most protocols use a well known port number, you *can* decide which protocol to allow or deny based on the port it uses even if your firewall software doesn't really know it's doing it.

mg

>
> Thanks all...
>
> Anthony
>
> ______________________________________________________________________
> Philadelphia Linux Users Group - http://plug.nothinbut.net
> Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
> General Discussion - http://lists.nothinbut.net/mail/listinfo/plug
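
An added example, not part of the original message: a small first-match packet filter in Python showing the behaviour described above, where rules decide on addresses, protocol and ports and never look at the payload. The rule set, the addresses (documentation ranges) and the packets are constructed, and `Packet`, `Rule` and `filter_packet` are hypothetical names, not ipchains or netfilter code.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    payload: bytes = b""          # carried along, never inspected by the filter

@dataclass(frozen=True)
class Rule:
    action: str                   # "ACCEPT" or "DENY"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sports: tuple = (0, 65535)    # inclusive source-port range
    dports: tuple = (0, 65535)    # inclusive destination-port range

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.sports[0] <= p.sport <= self.sports[1]
                and self.dports[0] <= p.dport <= self.dports[1])

def filter_packet(rules, packet, policy="DENY"):
    """First matching rule wins; the chain policy applies if none match."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return policy

# Constructed rule set: web open to all, SSH only from an admin network.
RULES = [
    Rule("ACCEPT", "tcp", dst="192.0.2.10/32", dports=(80, 80)),
    Rule("ACCEPT", "tcp", src="198.51.100.0/24", dst="192.0.2.10/32", dports=(22, 22)),
]

# Constructed packets. Two go to port 80; only one of them is really HTTP.
HTTP = Packet("203.0.113.5", "192.0.2.10", "tcp", 40000, 80, b"GET / HTTP/1.0\r\n\r\n")
NOT_HTTP = Packet("203.0.113.5", "192.0.2.10", "tcp", 40001, 80, b"\x00\x01 not http")
SSH_OUTSIDE = Packet("203.0.113.5", "192.0.2.10", "tcp", 40002, 22)
SSH_ADMIN = Packet("198.51.100.7", "192.0.2.10", "tcp", 40003, 22)

if __name__ == "__main__":
    for name, p in [("http", HTTP), ("non-http on 80", NOT_HTTP),
                    ("ssh outside", SSH_OUTSIDE), ("ssh admin", SSH_ADMIN)]:
        print(f"{name:16} {filter_packet(RULES, p)}")
```

Both port-80 packets get the same verdict because the filter never reads `payload`; telling them apart is the job of the content-aware firewall the message mentions.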