[Sheflug] Re: Firewall Stuff

[Richard <nospam [at] sheflug.co.uk>]

Graham

Graham Cox wrote:

> If you just want a firewall, and aren't bothered about the mechanics
> behind it, then there is a good package called pmfirewall that will
> handle everything needed to set up IPChains as a firewall. It should
> be available on freshmeat if you want a look.

No, I'd really like to learn more about firewalls.  Help from Alex and
a mix and match between books seems to be working.  The IPCHAINS howto
is a museum piece in comparison with the Linux and open BSD security
books.

Looking at the stuff in front of me it's become obvious that some
people prefer to start with a DENY policy at the top and others prefer
an ACCEPT policy and then block out a few things.  DENY is fine for a
single dialup box but it doesn't like home networks.

When I've finished this one I have to try to work out dial on demand
with i4L.  I thought diald might work but I can't find anyone who
knows anything about using it with isdnctrl and friends.

Thanks

-- 
Richard

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.