[Techtalk] Good firewall configuration tool for debian

Devdas Bhagat devdas at dvb.homelinux.org
Fri Apr 9 14:20:04 EST 2004


On 09/04/04 10:55 +1000, Kathryn Andersen wrote:
> On Thu, Apr 08, 2004 at 07:35:29PM +0530, Devdas Bhagat wrote:
> > On 08/04/04 23:18 +1000, Rasjid Wilcox wrote:
> > > Can anyone recommend a good iptables firewall configuration tool for debian 
> > > woody?
> > Firestarter is a good GUI application, even though the rules it
> > generates are, to say the least, hairy.
> 
> Hairy?
I suggest looking at the files it generates.

> I must admit, I have just used firestarter as a set-and-forget firewall
> because I didn't want to have to do things by hand, but I realized I
> should have a firewall when I noticed odd things in my Apache access log which
> looked as if someone was trying to exploit some MS-Windows hole (it was 
> trying to find files like ../../win32.exe and so on).
Probably a worm. No packet filter will help you against exploits on a
publicly available application.
 
> I'm just using dialup so it was really more of a precaution than
> anything else.
What are you doing running Apache on dialup anyway?
 
> If/When I move to ADSL... I notice in the listings of ADSL modems, one
> could get a plain modem, or one could get a router which has all sorts
> of built in stuff including NAT and a firewall.  Is it better to just
> set up all that stuff on one's own box, or to use a router?  All I know
> about NAT is that some people think it's evil...
NAT breaks the peer to peer nature of the Internet. It does not provide
any real security, but it provides a modicum of security for people who
only wish to be consumers and are running locked down boxes.
The NAT router will offer nothing more to you than a plain ADSL modem
plus a hardened Linux box, but the Linux box can actually do a lot more.

Devdas Bhagat

