Re: Firewall - Very limited Access - suggestions

Kevin F. Berrien wrote:
I'm interested in building a bastion firewall for the following situation. Have a closed network (police dept). There are no crosses to the internet. However, we'd like VERY LIMITED access by the Windows DC server for the following: Windows update (via SUS), Symantec AV updates, VNC/or remote desktop connection to 1 or 2 workstations on our WAN.

Thus, I want to limit all traffic except various protocols/ports between specific IPs/URLs.

Certainly FC and iptables can do this, does anyone recommend a configuration utility, start-off scripts, etc? Should I be looking more into LRP (now defunct), etc? My iptables knowledge is not great (did it years ago), so some configuration utility would be great, and my co-workers aren't experienced in this area at all.

I like fwbuilder. It's not the easiest to install as it does have a few dependencies, but it's worth it.

It can handle bridging firewalls which is useful if you want to insert a firewall in an existing network to firewall two segments of the same subnet, or you want a totally transparent firewall, with no network presence.

Also, it can handle multiple firewalls, so I have fwbuilder set up to handle the rules for our boundary firewall, the firewalls on the 'Net facing servers such as mail and web servers, all from one configuration on my desktop. It compiles the rules and then installs them on the relevant machine.

Nigel Wade, System Administrator, Space Plasma Physics Group, University of Leicester
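As an added illustration of the default-deny policy Kevin describes (everything dropped except named ports between named hosts), here is a small POSIX shell script that generates an iptables ruleset for a two-interface bastion. It is not from the thread, from fwbuilder, or from any project; every address, interface name and port assignment in it is a hypothetical placeholder to be replaced with your own values. By default it only prints the rules so they can be reviewed; setting APPLY=1 pipes them into sh.

```shell
#!/bin/sh
# Default-deny forwarding firewall for one internal host (the DC) that may
# reach a short allowlist of WAN-side services. All values below are
# hypothetical placeholders, overridable from the environment.
DC_IP="${DC_IP:-10.0.1.10}"                  # internal Windows DC
SUS_IP="${SUS_IP:-10.0.2.20}"                # SUS server (HTTP)
AV_IP="${AV_IP:-10.0.2.21}"                  # Symantec AV update server (HTTP)
WS_LIST="${WS_LIST:-10.0.2.30 10.0.2.31}"    # workstations reachable by VNC/RDP
IN_IF="${IN_IF:-eth0}"                       # interface facing the DC
OUT_IF="${OUT_IF:-eth1}"                     # interface facing the WAN

# allow_flow SRC DST PROTO PORT: emit one FORWARD rule that admits only new
# connections from SRC to DST:PORT; return traffic is handled by the
# ESTABLISHED,RELATED rule so nothing needs to be opened in the reverse direction.
allow_flow() {
    printf 'iptables -A FORWARD -i %s -o %s -p %s -s %s -d %s --dport %s -m state --state NEW -j ACCEPT\n' \
        "$IN_IF" "$OUT_IF" "$3" "$1" "$2" "$4"
}

# build_rules prints the complete ruleset, most restrictive policy first.
build_rules() {
    echo "iptables -F"
    echo "iptables -X"
    # deny by default on every chain; only explicit rules below open anything
    echo "iptables -P INPUT DROP"
    echo "iptables -P OUTPUT DROP"
    echo "iptables -P FORWARD DROP"
    # the box itself: loopback plus replies to connections it already made
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # forwarded traffic: replies to allowed flows
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # SUS and AV updates over HTTP from the DC only
    allow_flow "$DC_IP" "$SUS_IP" tcp 80
    allow_flow "$DC_IP" "$AV_IP"  tcp 80
    # VNC (5900) and RDP (3389) from the DC to each listed workstation
    for ws in $WS_LIST; do
        allow_flow "$DC_IP" "$ws" tcp 5900
        allow_flow "$DC_IP" "$ws" tcp 3389
    done
    # log (rate-limited) whatever is about to hit the DROP policy, so blocked
    # attempts show up in syslog for review
    echo "iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'FW-DROP: '"
}

# count_allow_rules reports how many explicit allow rules the policy contains,
# a quick sanity check that the allowlist is as short as intended.
count_allow_rules() {
    build_rules | grep -c 'NEW -j ACCEPT'
}

if [ "${APPLY:-0}" = "1" ]; then
    build_rules | sh
else
    build_rules
fi
```

Running the script with no arguments prints the rules for inspection; with the placeholder values above it yields six explicit allow rules (two update servers, two ports on each of two workstations), and everything else on the FORWARD chain is logged and dropped.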