[K12OSN] Linux Firewalls & Routers done easy -> firehol

Burroughs, Henry HBurroughs at hhprep.org
Fri Oct 23 13:00:19 UTC 2009


I used to write iptables by hand.... In particular in the DENY
everything then poke the holes through.
I don't know if anyone on the list is using it, but I highly recommend
"Firehol" http://firehol.sourceforge.net
It generates the iptables commands from a separate configuration file
that is really easy to understand and use. I use it as my network
firewall/router and handle multiple interfaces (including vlans), ip
forwarding/masquerading, a wireless DMZ, and eventually a full DMZ. I
also do destination nat mangling with it as well. There are redhat
compatible RPMs that you can just install from. In particular, it has a
"try" mode so if you are modifying the configuration remotely and do
something to lock yourself out it will revert to your previous firewall
state after 30 seconds unless you "commit" the changes. It also is
working beautifully with my squidguard proxy setup on the same host
(transparent works nicely), and it should be fairly easy to lock down my
outbound connection ports in the near future using firehol (and a whole
lot easier to reverse the process if restricting ports causes us
problems).
Have a great weekend!
Henry Burroughs

Technology Director

Hilton Head Preparatory School

www.hhprep.org

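As an added illustration, not taken from Henry's post or from the FireHOL project, here is a firehol.conf laid out the way he describes: deny everything, then poke holes, with a WAN interface, a LAN, a wireless DMZ, masquerading, a destination-NAT port forward and a transparent squid redirect. Interface names, addresses, ports and the `squid` user are assumptions.

```firehol
version 5

# Constructed example of a deny-by-default firehol.conf (assumed names
# and addresses). Load it with "firehol try": the new rules are backed
# out after 30 seconds unless "firehol commit" is run from a session that
# is still reachable, so a remote mistake does not lock you out.

# Destination NAT: forward WAN port 80 to an internal web server.
dnat to 192.168.1.10 inface eth1 proto tcp dport 80

# Transparent proxy: LAN web traffic goes to the local squid/squidGuard
# on port 3128, except traffic generated by the squid user itself.
transparent_squid 3128 "squid root" inface eth0 src 192.168.1.0/24

interface eth1 wan
    policy drop                 # nothing unsolicited from the Internet
    protection strong           # drop spoofed, fragmented and flood traffic
    server ssh accept src 203.0.113.0/24   # admin hosts only (assumed range)
    client all accept           # the firewall host may go out freely

interface eth0 lan src 192.168.1.0/24
    policy reject
    server "ssh dns dhcp http" accept
    client all accept

interface wlan0 wifi src 192.168.2.0/24
    policy drop
    server "dns dhcp" accept    # wireless clients get addressing and names only
    client all accept

# Routers are deny-by-default as well. LAN and wireless reach the
# Internet via NAT; no wifi-to-lan router is defined, so the wireless
# segment is a DMZ that cannot open connections inward.
router lan2wan inface eth0 outface eth1
    masquerade
    route all accept

router wifi2wan inface wlan0 outface eth1
    masquerade
    route all accept

# The dnat above only rewrites the destination; this router lets the
# forwarded HTTP traffic actually pass to the internal host.
router wan2lan inface eth1 outface eth0
    route http accept
```

Because the DMZ isolation comes from the absence of a router, adding any `router wifi2lan` stanza later silently reopens that path, so review router definitions whenever the configuration changes.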