Shorewall

Post by Void Main » Sat Jun 07, 2003 11:35 am

Get a handle on iptables:

http://www.shorewall.net/

I have an old P100 with 3 NICs (DMZ setup) and I started running Shorewall as of yesterday. I really like it so far. If you are a webmin fan then you'll find shorewall configuration built right in to webmin. I didn't realize it until I had it all configured but I prefer to use vim for configuring this stuff anyhoo. Give it a try, you might like it.

Too bad it doesn't have FreeSWAN IPSEC VPN support. Oh well, I need to keep something manually configured to keep my sanity.

Post by agent007 » Mon Jun 23, 2003 11:33 pm

Is this frontend easy to use? On my standalone system, I wanted to create rules that would allow only 'galeon', 'squid' and 'evolution' access to the internet and block every other app... Would that be possible?

thanks.

Post by Void Main » Mon Jun 23, 2003 11:46 pm

This does not block applications. I use Shorewall on a dedicated firewall machine and in order for it to block applications it would have to run on every machine that you wanted applications blocked on (unless you have a bit of magic I don't know about). I do recall such an app that could block applications. I believe it was robbed from, or was originally written for *BSD. I can't remember the name of it at the moment and would have to do some digging to see if I can find it if you are interested. I just can't think of a reason to block based on application.

Post by agent007 » Tue Jun 24, 2003 2:36 am

VoidMain,

I think that blocking applications is the safest... I mean, after all everything will be blocked and only the ones I want will get outbound access... This way I don't have to worry about something in the background making a connection to the net.

If u do remember then, pls post.

thanks.

Post by Void Main » Tue Jun 24, 2003 7:35 pm

I am more concerned with where the applications are going rather than which applications are used to get there but that's just me. I can see benefit in blocking certain applications. After all, IE is insecure so it would be great to only allow Mozilla for instance, in addition to restricting where it can go via normal firewall rules.

Now for the bad news. I can't for the life of me remember what the name of that application blocker was, and I've had no luck finding it after a fair amount of searching. I can't even remember exactly where I was involved in the discussion of it. It seems like around a year ago that it came up in a discussion. Sorry...

Post by X11 » Wed Jul 02, 2003 9:45 am

It rules is all I can say, I set it up today.

Easy as hell, and it's cool how it can be done in webmin (the way I do everything).

