Securing server - SELinux or iptables or both?
I'm setting up a samba-server, FC4, serving two subnets in a school.
Now I have a small question about setting up security: basically the question is "Should I use iptables (no rules at the moment) or SE-Linux (which is active), can I use both or will I end up with a complete confusion? What I need to do is to separate these subnets, no traffic whatsoever allowed between them. The smb.conf controls access to shares, but I need to block everything else. I have used/configured iptables before but never SE-Linux, meaning I'll be up-and running faster if I configure iptables only (leaving SE-Linux at default config). (edit) I should add that the networks resides behind a few firewalls adminstered by the "county" - I need no protection against outside, only against our own users (mainly the students). |
If your sitting behind a firewall and not worried about being hacked from the inside then the heck with IP Tables. Now, if people are going to be accessing the server from the outside then ip tables are a must regarding limiting what users can access. This can turn into a complex problem really fast regarding exactly what you are trying to do.
|
Thing is, I need to block all traffic between our two subnets.
We are strictly forbidden to allow any traffic between 'students' and 'staff' networks. You say: Quote:
The little I've had time to read about SELinux I think that's correct, it's iptables I need. |
All times are GMT -5. The time now is 10:52 AM. |