Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 11-09-2005, 04:27 AM   #1
Senior Member
Registered: Jul 2004
Location: Skuttunge SWEDEN
Distribution: Debian preferably
Posts: 1,350

Rep: Reputation: 127Reputation: 127
Securing server - SELinux or iptables or both?

I'm setting up a samba-server, FC4, serving two subnets in a school.
Now I have a small question about setting up security: basically the question is "Should I use iptables (no rules at the moment) or SE-Linux (which is active), can I use both or will I end up with a complete confusion?
What I need to do is to separate these subnets, no traffic whatsoever allowed between them.
The smb.conf controls access to shares, but I need to block everything else.
I have used/configured iptables before but never SE-Linux, meaning I'll be up-and running faster if I configure iptables only (leaving SE-Linux at default config).

I should add that the networks resides behind a few firewalls adminstered by the "county" - I need no protection against outside, only against our own users (mainly the students).

Last edited by pingu; 11-09-2005 at 04:31 AM.
Old 11-09-2005, 10:21 PM   #2
Registered: Oct 2005
Posts: 518

Rep: Reputation: 32
If your sitting behind a firewall and not worried about being hacked from the inside then the heck with IP Tables. Now, if people are going to be accessing the server from the outside then ip tables are a must regarding limiting what users can access. This can turn into a complex problem really fast regarding exactly what you are trying to do.

Last edited by brianthegreat; 11-09-2005 at 11:24 PM.
Old 11-10-2005, 05:07 AM   #3
Senior Member
Registered: Jul 2004
Location: Skuttunge SWEDEN
Distribution: Debian preferably
Posts: 1,350

Original Poster
Rep: Reputation: 127Reputation: 127
Thing is, I need to block all traffic between our two subnets.
We are strictly forbidden to allow any traffic between 'students' and 'staff' networks.
You say:
ip tables are a must regarding limiting what users can access
As I understand you, SELinux doesn't really handle access-rights, it is a complement to firewalls not just a more advanced one.
The little I've had time to read about SELinux I think that's correct, it's iptables I need.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
mail server grsecurity-selinux zuessh Linux - Security 1 04-26-2005 02:52 PM
Securing System: Snort, IPTables, Logging Matir Linux - Security 1 11-29-2004 04:06 PM
securing using firestarter or iptables PennyroyalFrog Linux - Security 3 10-13-2004 02:36 PM
Securing iptables kola Linux - Security 20 09-13-2004 04:28 AM
Securing Server brentos Linux - Security 4 06-08-2004 11:57 AM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:03 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration