Opinions/suggestions for a firewall


Haseldow
10-14-2002, 06:25 AM
Hello,

I have been pondering on whether to redo my firewall. The continuous attempts on my firewall box have made me a bit more paranoid. I'm currently running a firewall that has mediocre security and works OK (I guess).

What I'm looking for is a solution where:
1) The firewall runs from CD(RW)
2) Uses IPTABLES
3) Loads IPTABLES rules from another linux box (using NFS mount)
4) Unmounts the NFS mount before external interface is up
5) Writes logs to the other Linux box (using NFS mount)
6) Is extremely secure ;) (okay okay...relatively)

Hmmm...maybe some other aspects too as to how to disable the use of certain commands after extif is up and whether there is a ready distribution that satisfies my needs. What else should I think about when building a secure firewall?

I have read a few books about this stuff, but I would like to hear opinions and pointers. So please give me _GREAT_ ideas to inspire me some more.

Thanks a bunch,
-Haseldow

P.S. Am thinking Devil-Linux atm... any experiences?