[Techtalk] iptables DMZ and more :)

[Jesika]

I've been deleting a lot, since things have been a little hectic around
here, so I'm stealing Raven's quotes.  Forgive me if I missed something
obvious!   =o)

 Quoth James (Fri, Dec 21, 2001 at 01:13:58PM -0500):
> Anyone have a good rundown on an iptables DMZ firewall?  I've read a few
> premade-fill in the blank scripts for it, but does anyone have their own
> they could share?

I say don't discount the pre-packaged stuff, especially if you don't plan on
staying with this company for the life of the firewall!  I'm currently using
Securepoint Linux at work (an ISP), and have been very happy with it.
(www.securepoint.cc).  It is a scaled down Linux distro that can only be
configured through it's client software, which makes it a little more
secure, and is very easy to manage.  It automatically blocks everything, and
masks the outside IP's, so it's pretty hard to leave anything open
accidently.  Once you install, all you have to do is go into the client, and
tell it exactly what you want to allow.  The interface is fairly easy to
use, and their support is very good as well.  Astaro Linux is another good
product that I've used, and is also well supported.  Neither of these is a
premade script, per se.  You still have to configure them, but they make the
job a lot easier.  You probably have a good reason for doing it from
scratch, but I wanted to point out these tools as they can save considerable
time and grief!

Jesika