Firewall - Very limited Access - suggestions

Nigel Wade nmw at ion.le.ac.uk
Wed Jun 2 12:56:13 UTC 2004


Kevin F. Berrien wrote:
> I'm interested in building a bastion firewall for the following 
> situation.  Have a closed network (police dept).  There are no crosses 
> to the internet.  However, we'd like VERY LIMITED access by the Windows 
> DC server for the following: Windows update (via SUS), Symantec AV 
> updates, VNC/or remote desktop connection to 1 or 2 workstations on our 
> WAN.
> 
> Thus, I want to limit all traffic except various protocols/ports between 
> specific IPs/URLs.
> 
> Certainly FC and iptables can do this, does anyone recommend a 
> configuration utility, start off scripts, etc?  Should I be looking 
> more into LRP (now defunct), etc?  My iptables knowledge is not great 
> (did it years ago), so some configuration utility would be great, and my 
> co-workers aren't experienced in this area at all.
> 
> 

I like fwbuilder. It's not the easiest to install as it does have a few 
dependencies, but it's worth it.

It can handle bridging firewalls which is useful if you want to insert a 
firewall in an existing network to firewall two segments of the same subnet, 
or you want a totally transparent firewall, with no network presence.

Also, it can handle multiple firewalls, so I have fwbuilder set up to handle 
the rules for our boundary firewall, the firewalls on the 'Net facing 
servers such as mail and web servers, all from one configuration on my 
desktop. It compiles the rules and then installs them on the relevant machine.


-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw at ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555




