
need for linux firewall ?

  • 18-02-2006 12:26am
    #1
    Registered Users Posts: 2,800 ✭✭✭


    Currently I have a netgear router (blueface one - ta613v) and then a linux box with iptables acting as a firewall - I have at least one machine that is always on and connected to the net. I'm wondering if the netgear firewall is enough or should I keep the linux box, as is, between the internet and home network? Basically is the netgear firewall good enough or should I keep my (fairly complex) iptables firewall?


Comments

  • Closed Accounts Posts: 210 ✭✭deimos


    Well what does your iptables script do?

    Are you blocking out all outside access to any ports on the machine, etc, etc. We need to see the script!

    You could also install snort and set it up to email you activity logs. E.g. it will email you with any suspicious activity for the day.


    At the end of the day, the netgear router is probably all you need, just once it does SPI (I think that's what it's called) and checks all incoming packets that it's masquerading to make sure they are "established/related".

    (E.g. (tcpheader->flags == 0x02) == 0 (for incoming packets), if that makes sense to anyone).


  • Registered Users Posts: 2,800 ✭✭✭voxpop


    the script I use is based heavily on Arno's Iptables script (http://freshmeat.net/projects/iptables-firewall/)


  • Closed Accounts Posts: 59 ✭✭crashedmind


    In general for home use, an additional linux machine acting as a dedicated firewall sounds excessive but that depends on what you need e.g. IDS as suggested below, port-forwarding, DMZ, etc...

    Either way, I'd recommend that each machine have its own (soft) firewall configured to suit that machine's purpose in addition to the router firewall i.e. make sure you are covered in case your outer defenses are breached.

    It is worthwhile running nmap or other port scanner on your setup to verify it is doing what you think it is.


  • Registered Users Posts: 1,647 ✭✭✭rogue-entity


    You could also install a caching proxy server on that linux box. Or if you want to go one step further, you can also install a content filter with that proxy.

    You configure the software to block what YOU want. I currently use the ContentFilter on my firewall to block advertising servers.


  • Closed Accounts Posts: 884 ✭✭✭NutJob




    Can I suggest a slightly different approach that can make all the difference

    Deny All as a default

    then allow what you want/need

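The two points made in this thread (deimos: only admit incoming packets that are "established/related", and reject anything claiming to open a TCP connection that is not a bare SYN; NutJob: deny all by default, then allow what you need) fit in one short ruleset. The script below is an added example, not anything posted in the thread and not Arno's script; interface names (eth0 facing the router, eth1 facing the LAN), the LAN subnet and the single exposed SSH port are assumptions to be changed for your own setup. It emits the ruleset in iptables-restore format so you can read it before applying it atomically.

```shell
#!/bin/sh
# Added example (not from the thread): a default-deny, stateful iptables
# ruleset for a Linux box between the internet (or the Netgear) and a home LAN.
# Interface names, LAN subnet and the forwarded port are assumptions.
WAN_IF="${WAN_IF:-eth0}"              # interface facing the router/internet
LAN_IF="${LAN_IF:-eth1}"              # interface facing the home network
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed home subnet
SSH_PORT="${SSH_PORT:-22}"            # the one inbound service we choose to expose

# Emit the ruleset in iptables-restore format. Every chain's policy is DROP,
# so the ACCEPT rules below are the complete exposure. Replies are admitted
# only if conntrack already knows the connection, and a packet that wants to
# open a new TCP connection must carry exactly the SYN flag.
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# hide the LAN behind the firewall's WAN address
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
*filter
# default deny on INPUT and FORWARD; everything not listed below is dropped
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is always fine
-A INPUT -i lo -j ACCEPT
# replies to connections the box or the LAN started (the "SPI" part)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# traffic conntrack cannot classify (bad sequence numbers, stray packets)
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# a NEW TCP connection must start with a bare SYN; drop stray ACK/FIN probes
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
-A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# the LAN may talk to the box and out to the internet
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
# the single service exposed on the WAN side, rate-limited against brute force
-A INPUT -i $WAN_IF -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m limit --limit 6/min --limit-burst 6 -j ACCEPT
# log (rate-limited) what the DROP policy is about to discard
-A INPUT -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-IN: "
COMMIT
EOF
}

# Apply the whole ruleset atomically (needs root); otherwise just show it.
apply_rules() {
    if [ "$(id -u)" -eq 0 ] && command -v iptables-restore >/dev/null 2>&1; then
        gen_rules | iptables-restore
    else
        echo "not root (or no iptables-restore); ruleset follows:" >&2
        gen_rules
    fi
}

# List the TCP ports on which the ruleset accepts NEW connections from the
# WAN interface: this is what an outside port scan should find open.
wan_open_ports() {
    gen_rules | sed -n "s/.*-i $WAN_IF .*--dport \([0-9]*\) .*--ctstate NEW.*-j ACCEPT.*/\1/p"
}
```

Run `apply_rules` as root to load it; `wan_open_ports` tells you what a scan from the outside should see. To verify, as crashedmind suggests, scan the WAN address from a host on the internet side (`nmap -sS -Pn -p- <wan address>`): with a DROP policy every port except the SSH port should come back as filtered, not closed. If the Netgear sits in front of the box, the same test from the internet also checks that only the ports you deliberately forwarded on the router reach the Linux box.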
