Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Linux Firewalls
Top Forums UNIX for Advanced & Expert Users Linux Firewalls Post 7220 by LivinFree on Friday 21st of September 2001 12:43:57 AM
Old 09-21-2001
Well, I do have to say, if it ain't broken, why fix it? But if you really want to switch away from OpenBSD, I agree with staying away from Raptor. I personally would stay away from Checkpoint as well. I haven't seen many problems with the Cisco Pix systems, and a few of our firewalls at work are in fact Pix.

If you really want to check out Linux firewalling, see here:
http://www.linuxsecurity.com/feature...netfilter.html
It gives some good information on iptables (the newest and greatest from the 2.4.* kernel). Iptables give you many many new abilities over previous incarnations in Linux firewalling.

You can spoof your true operating system and version, a move in the direction of stateful packet filtering, and more! If you decide to go the way of Linux, I think you'll do fine, provided you study up and do some testing before placing it in production.
 

5 More Discussions You Might Find Interesting

1. IP Networking

Halted Firewalls by Mike Murray

Secure packet filtering on high-bandwidths fw/rtr for large business tasks. Has anyone tried this concept on openbsd? The article is posted at www.sysadminmag.com on page 27. January 2002 issue. I believe Mike has hit upon something that can be applied in the field today and prevent fw... (0 Replies)
Discussion started by: dpatel
0 Replies

2. Cybersecurity

firewalls and proxys

what can I use to find out whether a computer has a firewall or proxy??? What can I use do erase it? (5 Replies)
Discussion started by: Phatress
5 Replies

3. UNIX for Dummies Questions & Answers

Firewalls and other security measures...

One day, while using my PC with Windows XP, my router just stopped working. So, for the ability to connect to the web at that moment, I connected directly to the cable modem without my router. I noticed immediately that people were trying to hack into my computer because my personal firewall would... (2 Replies)
Discussion started by: Minnesota Red
2 Replies

4. UNIX for Advanced & Expert Users

Firewalls

Hi, I was doing abit of reading on firewalls when this question came up. Is there any command which sets up a firewall that will only allow packets through if they come from a port number less than 1024? How about a command which allows packets through if they are destined for a port... (3 Replies)
Discussion started by: sleepster
3 Replies

5. Cybersecurity

Firewalls and cryptography

As we know, firewall is designed to keep unauthorized outsiders from tampering with a computer system or network. We don't talk about computer security without cryptography. In this case, may I know,How does cryptographic protection (at the TCP/IP layers or at the application layer) affect a... (1 Reply)
Discussion started by: heroine
1 Replies

LEARN ABOUT OPENSOLARIS

ipfilter.conf

NETSCRIPT-2.2.conf(5)                                           File Formats Manual                                          NETSCRIPT-2.2.conf(5)

NAME

       /etc/netscript/network.conf - interface, firewalling, and QoS configuration file.

       /etc/netscript/if.conf - interface setup shell script file

       /etc/netscript/qos.conf - QoS setup shell script file

       /etc/netscript/ipfilter.conf - IP chains filtering shell script file

       /etc/netscript/srvfilter.conf - server IP filter shell script file

DESCRIPTION

       This manpage is a place holder until something better is written when the netscript itself has stopped changing rapidly.

       Please  see  the README file in the /etc/netscript directory, and READ the configuration files if you need to change them.  Apart from net-
       work.conf, all of them contain sh (1) shell script functions which are there so that various things can be altered  or  hooked  in  at  the
       right place. Network.conf contains the full network setup details, including special interface setup for the likes of ciped/pppd/wanconfig,
       and is fully commented with examples given.

UPGRADE PATH FROM KERNEL 2.2.X
       The firewall/IP filtering stuff in ipfilter.conf is the part that changed radically with the move to iptables and a far better way of  set-
       ting  up  the  IP filtering rules, however the QoS and interface startup/shutdown in if.conf have changed but are backwards compatible with
       the old 2.2.x ipchains version of netscript for the interface address configuration settings.  You will have to set up the filtering  again
       to use iptables by directly using the iptables commands.

       Also,  the  kernel  2.2.x version scripts are set up so that iptables is only run on a 2.4.x kernel, otherwise IP forwarding is disabled if
       beforehand you set IPFWDING_KERNEL to FILTER_ON in network.conf.

       This means that when you upgrade a box to a 2.4.x router kernel, you should then be able to reboot it and log  into  remotely  and  upgrade
       netscript  to  the version that will support 2.4.x.  In this situation, if you have set old IPFWDING_KERNEL setting to FILTER_ON beforehand
       in network.conf, all IP forwarding through the box will also be disabled.  This means that you can safely remotely upgrade a firewall.

SEE ALSO

       netscript(8), ipchains(8), iproute(8), brcfg(8).

AUTHOR

       This manual page was written by Matthew Grant <grantma@anathoth.gen.nz>, for the Debian GNU/Linux system (but may be used by others).

BUGS

       The author is lazy.  He needs to write btter man pages...

                                                                 November 23, 2000                                           NETSCRIPT-2.2.conf(5)
All times are GMT -4. The time now is 11:29 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy