[NCLUG] Firewall question

Chris Funk chris at goldencoast.com
Fri May 17 08:06:41 MDT 2002


Hi, Marcio

Not really answering your question, but if you want an extremely easy and
configurable iptables firewall generator/script, check out
http://muse.linuxmafia.org/gshield.html. It sets up the firewall by
answering a few questions in a script.  Then you can add forwards, allow
specific/trusted hosts/ports, blacklist hosts, etc.

Chris

>
> I sort of figured out a quick answer to the question I posted earlier.
> I added this to my iptables config script:
>
>   /sbin/iptables -A INPUT -i eth1 -d 0/0 -p all -j REJECT
>
> Anyhow, this seems to be a good stopgap measure, but there is the side
> effect that the "firewall" machine now cannot talk to the outside
> world directly (well, it can, but it can't get back a reply). So now I
> have the awkward situation where machines in my internal network can
> speak freely through the firewall, they can also contact services
> running on the firewall, but processes running on the firewall itself can
> only speak with the internal network and not at all with the outside
> world (I suppose if my "firewall" needs to send a message to the
> outside world, it could "ssh" to one of the machines in the internal
> network and tunnel through itself that way, but that would be very
> strange indeed).
>
> So, my only remaining questions are: Do you guys see any pitfalls with
> what I am doing? And is there a better way to do what I am trying to do?
>
> Marcio Luis Teixeira
***************************************
Chris Funk
Network Administrator
Golden Coast Management
chris at goldencoast.com
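The side effect described in the quoted message (the firewall host's own outbound connections get no replies) comes from rejecting every packet on eth1 regardless of connection state. As an added example, not part of the original thread, the script below prints the quoted stopgap rule next to a stateful version that accepts replies to connections the firewall started before rejecting the rest; it assumes eth1 faces the Internet and eth0 the internal LAN, and defaults to a dry run that only echoes the iptables commands.

```shell
#!/bin/sh
# Added example (not from the original thread). IPT defaults to a dry run
# that only prints the commands, so this runs without root or iptables;
# run with IPT=/sbin/iptables to apply the rules for real.
IPT="${IPT:-echo /sbin/iptables}"
EXT_IF="${EXT_IF:-eth1}"   # assumed: eth1 is the Internet-facing interface
INT_IF="${INT_IF:-eth0}"   # assumed: eth0 is the internal LAN interface

# The stopgap from the quoted message: rejects every packet arriving on
# eth1, including replies to connections the firewall host itself opened.
stopgap_rules() {
    $IPT -A INPUT -i "$EXT_IF" -d 0/0 -p all -j REJECT
}

# Stateful version: let replies to connections we started back in, drop
# packets that belong to no known connection, then reject the rest.
# Rule order matters: iptables takes the first matching rule in the chain.
stateful_rules() {
    $IPT -A INPUT -i "$EXT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$EXT_IF" -m state --state INVALID -j DROP
    $IPT -A INPUT -i "$EXT_IF" -j REJECT
}

# Same discipline for traffic routed through the box: the LAN may open
# connections outward, only replies come back in.
forward_rules() {
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -j REJECT
}

# Returns 0 when the generated INPUT rules accept replies before any REJECT.
replies_allowed() {
    stateful_rules | awk '
        /ESTABLISHED,RELATED/ && !seen_reject { ok = 1 }
        /-j REJECT/ { seen_reject = 1 }
        END { exit ok ? 0 : 1 }'
}

main() {
    echo "# stopgap (blocks the firewall host's own replies):"
    stopgap_rules
    echo "# stateful replacement:"
    stateful_rules
    forward_rules
}

main
```

On a current kernel `-m conntrack --ctstate ESTABLISHED,RELATED` is the preferred spelling of the same match.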