On Mon, 2002-07-22 at 20:49, David Kramer wrote:
> Mark,
>
> Newbie question here:
> Is it best to setup the Firewall using the Firewall Form during install, or
> start from scratch?
Personally I cannot comment upon the RedHat Firewall setup (but it seems ok, I've not seen anyone moan about it, unless they choose the wrong settings). I always use my own setup and chains. The good thing about setting it up from scratch is you can troubleshoot it more easily rather than going point, click, off we go, then panicking when it goes wrong, as you don't know where the config files are etc. ;-)

I would recommend using the default rule of DROP for everything and then allowing connections to 127.0.0.1 (otherwise local services will bite the dust), then set up your rules one at a time and test, then add some more. But *remember* where you put the rules has a major effect, for example: if you decide to block outgoing requests to port 53 (DNS), then decide to allow web access after that rule, it's gonna barf!, as we are blocking the ports.

Another thing I do when testing new rules is to log each action (regardless of what they do) using the -j LOG --log-prefix switch, ie: I use predefined settings in my firewall (makes it easier to read)

    # $EXTIF is the external interface, defined earlier in the script
    /sbin/iptables -A INPUT -i $EXTIF -p tcp --dport 445 \
        -j LOG --log-prefix "SMB-DROP"
    /sbin/iptables -A INPUT -i $EXTIF -p tcp --dport 445 -j DROP

That logs and drops incoming SMB requests as 'SMB-DROP', so in /var/log/messages I know that that rule has worked. This can be applied for the accept as well.

Hope that helps

Mark
-- 
---
To steal ideas from one person is plagiarism; to steal from many is research.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
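The following is an added example, not part of Mark's post, that puts his advice together in one script: a default DROP policy on every chain, loopback allowed first, DNS allowed before the rules that depend on it, and a LOG rule placed immediately before the matching DROP. The rules are emitted in iptables-restore format rather than run directly, so the script can be inspected or diffed before it touches the kernel, and a small check confirms the ordering constraints the post warns about (iptables stops at the first matching rule). The interface name eth0, the choice of ports, the use of the state match and the trailing space in the log prefix are all my assumptions, not something from the original message.

```shell
#!/bin/sh
# Added example: generate a from-scratch iptables ruleset in the order the
# post recommends, in iptables-restore format. Load with:
#   gen_rules | iptables-restore   (as root)
# and verify afterwards with iptables-save.

EXTIF="${EXTIF:-eth0}"   # assumption: external interface name

gen_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# 1. loopback first, otherwise local services "bite the dust"
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# 2. replies to connections this host opened (assumption: state match available)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# 3. DNS must be allowed BEFORE anything that needs name resolution;
#    a DROP on port 53 placed above the web rules would break browsing
-A OUTPUT -o $EXTIF -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $EXTIF -p tcp --dport 53 -j ACCEPT
# 4. outbound web, which depends on rule 3 being above it
-A OUTPUT -o $EXTIF -p tcp --dport 80 -j ACCEPT
-A OUTPUT -o $EXTIF -p tcp --dport 443 -j ACCEPT
# 5. log-then-drop pair for inbound SMB; LOG is a non-terminating target,
#    so the packet continues to the DROP on the next line. The trailing
#    space in the prefix keeps it separate from the rest of the syslog line.
-A INPUT -i $EXTIF -p tcp --dport 445 -j LOG --log-prefix "SMB-DROP "
-A INPUT -i $EXTIF -p tcp --dport 445 -j DROP
COMMIT
EOF
}

# Line number of the first rule matching pattern $1 (empty if none).
rule_line() {
  gen_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Ordering check: loopback ACCEPT must precede any rule on the external
# interface, and the port-445 LOG must precede its DROP. Returns 0 if the
# generated ruleset honours both constraints, 1 otherwise.
check_order() {
  lo=$(rule_line '-i lo -j ACCEPT')
  ext=$(rule_line "-i $EXTIF")
  log=$(rule_line '--dport 445 -j LOG')
  drop=$(rule_line '--dport 445 -j DROP')
  [ -n "$lo" ] && [ -n "$ext" ] && [ "$lo" -lt "$ext" ] || return 1
  [ -n "$log" ] && [ -n "$drop" ] && [ "$log" -lt "$drop" ] || return 1
  return 0
}

# Stand-alone use: print the ruleset, then report whether ordering is sane.
if [ "${1:-}" = "print" ]; then
  gen_rules
  check_order && echo "ordering OK" || echo "ordering BROKEN"
fi
```

Run `sh firewall.sh print` to see the ruleset and the ordering verdict without loading anything. When you add a new rule, put it in gen_rules, run the script again, and only then pipe it into iptables-restore; the log-then-drop pair shows up in /var/log/messages with the "SMB-DROP " prefix, which is how you confirm the rule is actually being hit.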