[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Firewall config tools, formerly wqPhoebe2 install report



agreed.. FireStarter would be nice in the "extras" section of say System
Tools as "Advanced Firewall Builder" ... but LOKKIT just needs some
re-working... not sure if I could come up with 3 levels (high/med/low)
but I certainly could come up with ON/OFF :) ... maybe make the current
"block certain ports" mentality be the "low" .. high should be a default
policy of drop and only allow related/established in.. (plus user
selected exceptions of course).. but medium?? anyone?? maybe high should
NOT allow a user to let certain ports in.. medium should be the default
deny + related/established + user accepted "holes" ??

sound good?


On Tue, 2003-01-28 at 01:21, John Summerfield wrote:
> On Mon, 27 Jan 2003, Jack Bowling wrote:
> 
> > ** Reply to message from Tommy McNeely <tommy mcneely sun com> on Mon, 27 Jan 2003 18:25:46 -0700
> > 
> > 
> > > IMHO LOKKIT is worthless.. it needs re-written from an iptables 
> > > mentality, instead of a port that just s/ipchains/iptables/g... start 
> > > with a -P DROP ..and work from there sort of thing.. allowing in certain 
> > > ports like it currently does.. but for nfs, that may be difficult... 
> > > related/established *might* work for nfs.. will have to try from my 
> > > laptop .. but forgot to allow ssh... so thats gotta wait for a while.
> > 
> > RH should just license Firestarter and stop all this nonsense.
> 
> Nah. I just did a deps check. It wants Gnome, and that's not ideal for a
> firewall or server system.
> 
> Anything else with a TUI? Maybe, maybe, a web interface (must look at
> webmin).
> 
> 
> 
> 
> -- 
> 
> John
> 
-- 
Tommy McNeely <Tommy McNeely Sun com>
Sun Microsystems





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]