decent non-embedded firewall
Stephen
cryptworks at gmail.com
Thu Apr 2 10:42:39 MST 2009
Smoothwall actually has a package set that layers on an existing
installation, in addition to their real product, which is the
stand-alone firewall. It is essentially the tool set that makes Smoothwall
(on top of the OS hardening). I tried getting it to run on Slackware
at one time, but had limited success. But that was a few years ago and
I have learned since then.
On Tue, Mar 31, 2009 at 12:45 AM, Bryan O'Neal
<boneal at cornerstonehome.com> wrote:
> I thought Smoothwall was a stand-alone isolated distribution that ran on
> dedicated hardware, not something I could put on top of a standard
> distribution thus allowing me to keep the box hooked up for its "tv" centric
> features. If I had a small dedicated box I could get away with using I would
> probably put on SmoothWall/m0n0wall/pfSense or the like and forget it.
> However I would really like to use the available box for other non-critical
> tasks. So far Shorewall is the closest thing I found out there. I kind of
> expected more advancement in the last four years, but I also understand that
> this kind of shared system would never be accepted by anyone but home users
> (with good reason) and with such a small target it just may not be as
> interesting to developers.
>
> I wipe the box regularly and it interacts with my other systems very little,
> so I do not mind it being a border router, but I am not that great with
> IPTables (not to mention I don't really trust it that much) so a prebuilt
> firewall package would be preferred.
>
> Especially after being schooled for my belief that regional blocking is an
> OK first line of defense ;) Kinda shakes the confidence regarding my ability
> to configure a decent firewall :)
>
>
>
> -----Original Message-----
> From: plug-discuss-bounces at lists.plug.phoenix.az.us
> [mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Andrew
> "Tuna" Harris
> Sent: Tuesday, March 31, 2009 12:11 AM
> To: Main PLUG discussion list
> Subject: Re: decent non-embedded firewall
>
> Top posting because long email is long.
>
> Did you ever look at Smoothwall? I'm going to implement it for one of my
> clients pretty soon.
>
> http://smoothwall.org/
>
> Excerpts from Bryan O'Neal's message of Mon Mar 30 23:17:46 -0700 2009:
>> My Netgear FVS318 router/firewall has developed a nasty habit of
>> rebooting every time it gets both port scanned and repeated gnutella
>> requests (who still runs gnutella anyway?) so I am looking to put in a
>> border router/firewall to protect it (read replace it if not for the
>> lack of an 8 port switch). However the wife will not let me drop an old
>> ugly tower where I need it to go. However I do have a box I am using
>> for "web tv" purposes that I can toss a firewall on. My requirements
>> are simple:
>> * Runs on top of a standard distribution (Ubuntu, Fedora/CentOS,
>> OpenSuSE, etc) not as a stand-alone isolated distribution on
>> dedicated hardware.
>> * Does port forwarding
>> * Does NAT
>> * Does Static Routes (Important if I have another router behind
>> it)
>> * Does Stateful inspection
>> * Does not break IPSec/PFS/L2TP/Etc.
>> * Does custom black listing
>> * Prevents DoS (Syn flood, ICMP flood, UDP flood, port scans,
>> ping of death, IP spoofing, land attack, tear drop attack, IP
>> address sweep attack, Win Nuke attack, etc)
>> * Does intrusion detection, preferably with email alerts
>>
>> Would be nice if it also does:
>> * GUI configuration
>> * QoS
>> * DHCP
>> * IAC (Outbound rules)
>> * SNMP2
>> * Decent logging/reporting
>> * GUI Dashboard
>> * DynDNS
>> * Web content filtering
>> * DNS Proxy
>> * Black list service
>>
>> Can anyone recommend something or am I left to cobble together what I
>> can with iptables...
>>
>> Bryan O'Neal
>> O'Neal & Associates
>> Phone: (602) 295-4356
>> Fax: (602) 795-6050
>> E-Mail: Bryan.ONeal at TheONealAndAssociates.com
>>
>>
>> Blogger <http://twitter.com/BryanONeal>
>> Twitter <http://mlwtech.blogspot.com/>
>> Linkedin <http://www.linkedin.com/in/thebryanoneal>
>>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.
Stephen
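
The original post quoted above asks whether its requirements can be cobbled together with iptables. As an added example (not from any poster in this thread), this script prints an iptables-restore ruleset covering port forwarding, NAT, stateful inspection, a custom blacklist and SYN-flood rate limiting; the interface names, addresses, port and rate limits are constructed sample values.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; nothing is applied.
# Interface names, addresses, port and limits are constructed sample values.
emit_ruleset() {
    wan=$1; lan=$2; fwd_port=$3; fwd_host=$4
    shift 4                      # remaining arguments: blacklisted sources
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port forwarding: WAN tcp/$fwd_port goes to the internal host
-A PREROUTING -i $wan -p tcp --dport $fwd_port -j DNAT --to-destination $fwd_host
# NAT: LAN traffic leaves with the WAN address
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:BLACKLIST - [0:0]
:SYNLIMIT - [0:0]
EOF
    # Custom blacklist: one DROP rule per source address or CIDR block
    for src in "$@"; do
        echo "-A BLACKLIST -s $src -j DROP"
    done
    cat <<EOF
-A INPUT -i lo -j ACCEPT
-A INPUT -i $wan -j BLACKLIST
# Stateful inspection: drop invalid packets, allow replies to known flows
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
-A FORWARD -i $wan -j BLACKLIST
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
# New connections to the forwarded port pass a global SYN rate limit
-A FORWARD -i $wan -d $fwd_host -p tcp --dport $fwd_port --syn -j SYNLIMIT
-A SYNLIMIT -m limit --limit 25/second --limit-burst 50 -j ACCEPT
-A SYNLIMIT -j DROP
COMMIT
EOF
}

emit_ruleset eth0 eth1 8080 192.168.1.10 203.0.113.7 198.51.100.0/24
```

The output can be parsed without loading it by piping it to `iptables-restore --test` as root. Static routes, IPsec pass-through and intrusion detection from the list are outside what this ruleset covers.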