[olug] firewall

Jon Larsen jlarsen at cas-online.com
Wed Jun 13 14:20:24 UTC 2001


Jon -

I believe that any DENY entries are logged via syslog when using either
ipchains or iptables. 

On the ipchains vs iptables debate - iptables uses "Stateful Firewalling"
techniques (aka Stateful Inspection), not unlike the commercial package
Firewall-1 (which runs on Solaris, Linux, Windows).
Stateful inspection involves reviewing communication layer, application
layer, and packet filtering as a whole to make decisions.  It's a little
bit stronger on gauging what items to take into account when responding to
a packet.

Phil can talk rings around me on the ipchains/iptables subject, so I won't
try to bore you with my feeble attempt.

Here is what I usually do once I have the designated firewall box up and
both interfaces running.

Get and install PMfirewall - very easy to set up and install, with a
questionnaire type setup.  Also comes with an uninstall if you wish to
rerun the questionnaire.  Setup scripts are easy to edit if needed.

Install Logwatch - daily summary reports for the system.  It'll show
attempts on the system that it reads from the syslogs.

(if you are really interested in getting lots of email, install LogCheck
in addition to LogWatch - it'll do a once an hour check on your logs -
handy for monitoring system activity for a day)

Install Portsentry - A nice package that'll respond to portscans,
connection attempts, etc.  You can specify hosts to block, as well as
hosts to ignore.  There are several settings for portsentry. 

Jon L.

PS - Now that I've posted again (for the first time in a long time),
perhaps now we'll be able to tell both Jon members apart.

PPS - Freshmeat http://freshmeat.net should have all the mentioned
programs listed in their database.

On Wed, 13 Jun 2001, Jon wrote:

> Date: Wed, 13 Jun 2001 08:29:32 -0500
> From: Jon <thechunk at thechunk.dhs.org>
> Reply-To: olug at bstc.net
> To: Olug Mailing List <olug at bstc.net>
> Subject: [olug] firewall
> 
> Does anyone use ipchains or iptables as a firewall?  If you do I have some quick questions.
> How do you log addresses of people who attempt connections?
> Is iptables easy to go to from ipchains?  Is iptables superior to ipchains?
> 
> Thanks
> -Jon

----
[ Jon Larsen, Net.Admin  | CAS, Inc.                 ]
[ jlarsen at cas-online.com | 10303 Crown Point Avenue  ]
[ 402.964.9998 x2075     | Omaha, NE  68134-1061     ]
[ ICQ# 28192038          | http://www.cas-online.com ]
[ Plain-Text Email Only! | ftp://ftp.cas-online.com  ]
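
Added example, not part of the original message or of any of the tools it names: a small Python summarizer in the spirit of the daily log report described above, counting refused connection attempts per source address from kernel netfilter lines in syslog. It assumes refused packets are written by an iptables LOG rule whose --log-prefix is "FW-DENY: " (an assumed value); the sample lines are constructed and abbreviated.

```python
import re
from collections import Counter, defaultdict

# Constructed, abbreviated sample lines (not from the original post). The
# "FW-DENY: " tag is an assumed --log-prefix; addresses are documentation ranges.
SAMPLE_LOG = """\
Jun 13 08:01:12 fw kernel: FW-DENY: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=23 SYN URGP=0
Jun 13 08:01:13 fw kernel: FW-DENY: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=111 SYN URGP=0
Jun 13 08:02:05 fw kernel: FW-DENY: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.1 LEN=71 TTL=49 PROTO=UDP SPT=1029 DPT=53 LEN=51
Jun 13 08:03:40 fw sshd[812]: Illegal user FW-DENY: SRC=192.0.2.99 PROTO=TCP DPT=22 from 203.0.113.7
Jun 13 08:04:19 fw kernel: FW-DENY: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=40120 DPT=23 SYN URGP=0
Jun 13 08:05:02 fw kernel: FW-DENY: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.1 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
"""

# Anchor on the syslog tag: only lines written by the kernel count, so another
# daemon's message that merely contains the prefix text is never parsed.
HEADER = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ kernel: (?:\[[^\]]*\] )?(?P<rest>.*)$")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_deny(line, prefix="FW-DENY: "):
    """Return the KEY=value fields of one logged packet, or None."""
    m = HEADER.match(line)
    if not m or not m.group("rest").startswith(prefix):
        return None
    fields = dict(FIELD.findall(m.group("rest")[len(prefix):]))
    return fields if "SRC" in fields and "PROTO" in fields else None

def summarize(text, prefix="FW-DENY: "):
    """Map source address -> Counter of (protocol, destination port)."""
    report = defaultdict(Counter)
    for line in text.splitlines():
        fields = parse_deny(line, prefix)
        if fields:
            # ICMP lines carry TYPE/CODE instead of ports, so DPT may be absent.
            report[fields["SRC"]][(fields["PROTO"], fields.get("DPT", "-"))] += 1
    return report

def top_sources(report):
    """Sources ordered by number of logged attempts, busiest first."""
    totals = ((src, sum(hits.values())) for src, hits in report.items())
    return sorted(totals, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for src, total in top_sources(report):
        ports = ", ".join(f"{p}/{d} x{n}" for (p, d), n in sorted(report[src].items()))
        print(f"{src:15} {total:3}  {ports}")
```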