[NCLUG] Two easy? security questions...

dobbster dobbster at verinet.com
Mon Sep 4 23:53:20 MDT 2000


> > > http://www.linux-firewall-tools.com has more info, including an automated
> > > firewall script generator.
> > >
> > > The fine folks over at tummy.com also have IsinGlass, which works quite
> > > nicely: http://www.tummy.com/isinglass
> >
> > Thanks...  I'll check both of these places out. It sounds as if some
> > of these tools might provide me additional protection.
> >
> > I do have ipchains configured into my kernel already. Where would I set
> > the deny rule?  (inetd.sec?)
> 
> No, you set the rules in another file; you can really do it anywhere you
> want; I use to do it in /etc/rc.d/rc.local on my RedHat system, and now I
> have rc.local call rc.network, which sets up some virtual interfaces, and
> also calls rc.firewall, which has all my rules in it.
> 
> If you use linux-firewall-tools.com, you'd place the output from the
> website in a firewall like rc.firewall; if you use isinglass, they
> probably have a procedure documented.

I checked out isinglass and I am experimenting with it on a test
system.  Evidently I have a lot of reading to do. :-)

Since my server doesn't use IMAP, couldn't I just remove it from the
/etc/inetd.conf and thus at least avoid that port?

Thanks for all of the help...

Mark (dobbster at verinet.com)



More information about the NCLUG mailing list