Firewall - Very limited Access - suggestions

Kevin F. Berrien kblists at comcast.net
Sat May 29 22:26:08 UTC 2004


I did check Firestarter out yesterday on the old box which will serve as 
the firewall.  Found it somewhat odd, in that when I'd activate the 
firewall it didn't look as if iptables was running.  Also, it didn't 
look granular enough (from my quick overview) for what I want to do, 
very specific rules.  Perhaps I'm wrong.  If you use Firestarter, do you 
think it's detailed enough for my needs (see below)?

Don Campbell wrote:

> Look into Firestarter:
> http://firestarter.sourceforge.net/index.php
>
> gui setup, a knowledgeable group who contribute to a very helpful
> email list. Your needs sound like they're for a very high level
> of security. You probably should also look into ways of hardening
> the machine that is the firewall.
>
> Kevin F. Berrien wrote:
>
>> I'm interested in building a bastion firewall for the following 
>> situation.  Have a closed network (police dept).  There are no 
>> crosses to the internet.  However, we'd like VERY LIMITED access by 
>> the Windows DC server for the following: Windows update (via SUS), 
>> Symantec AV updates, VNC/or remote desktop connection to 1 or 2 
>> workstations on our WAN.
>>
>> Thus, I want to limit all traffic except various protocols/ports 
>> between specific IPs/URLs.
>>
>> Certainly FC and iptables can do this, does anyone recommend a 
>> configuration utility, start off scripts, etc?  Should I be looking 
>> more into LRP (now defunct), etc?  My iptables knowledge is not great 
>> (did it years ago), so some configuration utility would be great, and 
>> my co-workers aren't experienced in this area at all.
>>
>>
>
>




