Also check out m0n0wall. It's FreeBSD-based (rather than Linux), but it works great, doesn't require high-end hardware, and is very easy to set up and use.
You don't need a very powerful system to be a firewall/router. A P200 would be more than enough, unless you get a ridiculous amount of traffic, i.e. 1 Gbit.
Or if you want to build your rules yourself, which I would recommend:
That is the best iptables tutorial out there. They also give you an example to go off of, which is what my firewall was originally. It's been hacked up since then though.
Hey
I'm preferential to Shorewall. I dunno how it compares to m0n0 or IPCop though. But with all the exploits in IOS lately, I would not blame you for dropping the Cisco gear. Even if they are mad expensive.
Last edited by linux.llama; 10-15-2005 at 05:44 PM.
I'd recommend you read as many tutorials on iptables as you can and, when confident, build the firewall/router from scratch. It's the only way to make the firewall/router exactly as you want it. Plus you will be able to troubleshoot it in case of glitches. Then make a script to add the rules after every reboot.
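As an added example (not code posted in this thread), here is the kind of re-runnable script the post above describes: a minimal stateful iptables firewall/router with a WAN side and a LAN side, loaded at boot. The interface names, the LAN subnet and the admin subnet are assumptions; the rule set is printed by one function so it can be reviewed before it is applied.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: $WAN faces the
# internet, $LAN faces the internal network $LAN_NET, and only hosts in
# $ADMIN_NET may SSH to the router itself.
set -eu

WAN="${WAN:-eth0}"                        # assumption: internet-facing NIC
LAN="${LAN:-eth1}"                        # assumption: internal NIC
LAN_NET="${LAN_NET:-192.168.1.0/24}"      # assumption: internal subnet
ADMIN_NET="${ADMIN_NET:-192.168.1.0/24}"  # assumption: who may manage the box

# Print the rule set, one iptables argument line per rule, so it can be
# inspected (or tested) without touching the kernel.
gen_rules() {
cat <<EOF
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $LAN -s $ADMIN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $WAN -m limit --limit 5/min -j LOG --log-prefix FW-IN-DROP:
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
-t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
EOF
}

# Flush the old rules and load the new ones. Needs root and iptables.
# Forwarding is switched on only after the FORWARD policy is DROP, so the
# box never routes unfiltered traffic, even for a moment.
apply_rules() {
    iptables -F
    iptables -t nat -F
    iptables -X
    gen_rules | while read -r rule; do
        # shellcheck disable=SC2086  # splitting $rule into arguments is intended
        iptables $rule
    done
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
}

# Apply only when explicitly asked (e.g. FW_APPLY=1 from an init script),
# so the file can also be run just to print the rules for review.
if [ "${FW_APPLY:-0}" = 1 ]; then
    apply_rules
fi
```

Run it as `FW_APPLY=1 sh firewall.sh` from your boot scripts; without `FW_APPLY=1` it loads nothing, and `gen_rules` alone shows exactly what would be applied.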
No, you are not nuts. In fact, we've had fewer problems administering and managing Linux iptables firewalls. Nothing against Cisco, but we've had several PIX firewalls fail on us, hardware or otherwise. There's nothing wrong with using a Linux iptables firewall; in fact they are all over the place in enterprise environments.
Cisco is a hardware-based firewall, which is more robust and used especially in high-traffic network environments, whereas using Linux as a router is a software-based solution. If your network has significantly less traffic, then it is more effective and less costly to embrace Linux.
That brings up a good point. Even though there are software and hardware firewalls, you have to use those terms loosely, because the hardware firewall has to have software, i.e. firmware. And since iptables is on the kernel level, isn't a Linux firewall pretty close to a hardware firewall?
I'm just curious, because the kernel administers the rules before it even reaches user space, right?
Not nuts at all
As a matter of fact you can try to go a step further and build a bridge firewall that will not be accessible from the outside as a first line of defense.
You will have your machines with public IPs but totally firewalled, or you can put just another machine after the bridge so you won't have to worry about losing your main line of defense.