Simplify system security with the Uncomplicated Firewall
10-01-2008 08:00 AM
The Uncomplicated Firewall (UFW) is a new tool from Ubuntu whose goal is to make configuration of the built-in Linux packet filter less complicated and more secure for novice users.
I read it in one article that having the same bit system for permissions of a file and for permissions of a directory is not good for the security of a Unix based system.
I do not agree with this fact. Anybody, would like to comment on it ? (2 Replies)
I have recently been tasked to create a script that will daily check our firewalls for any security issues that might have happened. I am not very strong with Unix so I need a lot of help and dont know where to start.
Some things I have thought of so far is I want to search the audit.raw files... (0 Replies)
Hi,
I really do not know how to describe this problem; but, I think it's a firewall
issue. My Distro is Slackware 12.0 (somewhat updated).
My company firewall uses Netfilter and the e-mail server uses Sendmail.
Let's say the firewall's Ext IP = A and Internal DMZ IP = B.
The firewall's... (0 Replies)
I'm a beginner to Unix System Administration and I'd like to start first by having a server setup as a firewall. What would be a good distro to do this with? I'll be running it on an old computer. I plan on using command line only with this box.
Also, where can I start reading about doing this?... (2 Replies)
Hi all
I need to protect Sun solaris 8 Server from any INDOOR ATTACK
also i need to know if any one try to attack the server
Thanks
Regards all (1 Reply)
Firewall mark classifier in tc(8) Linux Firewall mark classifier in tc(8)NAME
fw - fwmark traffic control filter
SYNOPSIS
tc filter ... fw [ classid CLASSID ] [ action ACTION_SPEC ]
DESCRIPTION
the fw filter allows to classify packets based on a previously set fwmark by iptables. If it is identical to the filter's handle, the fil-
ter matches. iptables allows to mark single packets with the MARK target, or whole connections using CONNMARK. The benefit of using this
filter instead of doing the heavy-lifting with tc itself is that on one hand it might be convenient to keep packet filtering and classifi-
cation in one place, possibly having to match a packet just once, and on the other users familiar with iptables but not tc will have a less
hard time adding QoS to their setups.
OPTIONS
classid CLASSID
Push matching packets to the class identified by CLASSID.
action ACTION_SPEC
Apply an action from the generic actions framework on matching packets.
EXAMPLES
Take e.g. the following tc filter statement:
tc filter add ... handle 6 fw classid 1:1
will match if the packet's fwmark value is 6. This is a sample iptables statement marking packets coming in on eth0:
iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 6
SEE ALSO tc(8), iptables(8), iptables-extensions(8)iproute2 21 Oct 2015 Firewall mark classifier in tc(8)