stewart allen wrote:

> Hi all
> I need some quick advice. I am not completely new at Lixux, since I
> already installed Redhat Linux 7.X. That was not much of a challenge,
> because I did not do much more than insert the cd into my computer cd-rom
> drive. I am now at the point where I have a mixed network at home which i
> am using baically for education purpose. So I would like to set up a
> firewall for my network, but would like to use a Linux distribution,
> because it may be cheaper. Can someone advise me which distribution may be
> the easiest for setting up a firewall. Since i lack basic proficiency in
> Linux I would like to have it very simple to use.
>
> stewart

In recent times the netfilter firewall is part of the Linux kernel. The
program that goes with this to configure it is called iptables. This
program although well worth learning, is cryptic to beginners. You can try
to read the tutorials on netfilter.org, or get a front-end application like
FireStarter or Lokkit. These programs will generate the iptables rules for
you.

Durk

On Sat, 28 Feb 2004 21:19:24 -0500, "stewart allen"
wrote in message
news::

> Hi all
> I need some quick advice. I am not completely new at Lixux, since I
> already installed Redhat Linux 7.X. That was not much of a challenge,
> because I did not do much more than insert the cd into my computer
> cd-rom drive. I am now at the point where I have a mixed network at home
> which i am using baically for education purpose. So I would like to set
> up a firewall for my network, but would like to use a Linux
> distribution, because it may be cheaper. Can someone advise me which
> distribution may be the easiest for setting up a firewall. Since i lack
> basic proficiency in Linux I would like to have it very simple to use.
>
> stewart

I use Coyote Linux. It basically just runs from a floppy, so the computer
you put it on doesn't even need a hard drive. All you need is an old 386
or 486 PC, two NICs (or one NIC and a modem), and you're ready to go. If
you're still on a modem, I would recommend you get version 1.x instead of
2.x. 2.x doesn't have all the bugs worked out of it for dialup yet.

Here is the website:
http://www.coyotelinux.com

--
Lurlean Lie #11:
I KNOW you do it at least to the shack up lover boy you call your hubby.
news:7908c278.0312041650.3e7f0593@posting.google.c om

"stewart allen" wrote in message news:...
> Hi all
> I need some quick advice. I am not completely new at Lixux, since I already
> installed Redhat Linux 7.X. That was not much of a challenge, because I did
> not do much more than insert the cd into my computer cd-rom drive.
> I am now at the point where I have a mixed network at home which i am using
> baically for education purpose. So I would like to set up a firewall for my
> network, but would like to use a Linux distribution, because it may be
> cheaper. Can someone advise me which distribution may be the easiest for
> setting up a firewall. Since i lack basic proficiency in Linux I would like
> to have it very simple to use.
>
> stewart

Use a distribution specifically designed to run as a firewall then.
Some run right of a floppy, others off a CD. With most you generally
don't need to do anything apart from change the configuration to suit
your network so your Linux knowledge can be minimal (editing a file).

OpenBSD.

I know the question was for a linux distro, but you really should
consider OpenBSD. I think the packet filtering tools are much simpler
to understand, and OpenBSD is probably the most secure OS with only a
default install. As far as ease of use goes, I would say PF is very
simple. I can't speak as far as a GUI or web interface would go, as I
don't use them.

"stewart allen" wrote in message news:...
> Hi all
> I need some quick advice. I am not completely new at Lixux, since I already
> installed Redhat Linux 7.X. That was not much of a challenge, because I did
> not do much more than insert the cd into my computer cd-rom drive.
> I am now at the point where I have a mixed network at home which i am using
> baically for education purpose. So I would like to set up a firewall for my
> network, but would like to use a Linux distribution, because it may be
> cheaper. Can someone advise me which distribution may be the easiest for
> setting up a firewall. Since i lack basic proficiency in Linux I would like
> to have it very simple to use.
>
> stewart

"stewart allen" wrote in message
newsZmdnTg3xqes0dzd4p2dnA@comcast.com...
> Hi all

IPCOP

Keith Kris wrote:
> [snip] and OpenBSD is probably the most secure OS with only a
> default install

If you're wanting to make a secure firewall, never rely on the "default
install" of any general OS (distribution).

The only "default install" I would even consider trusting would be of a
dedicated firewall distribution, like
www.smoothwall.org
www.ipcop.org
www.dubbele.com

--
Ben M.

----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.

What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harassment).

Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.

Read about the ongoing battle at http://swpat.ffii.org/
----------------

Ben Measures writes:
>
> If you're wanting to make a secure firewall, never rely on the
> "default install" of any general OS (distribution).

OpenBSD is a little different. Its default install is apparently
pre-hardened (and auditted) in a way that other general OSes aren't.
See, for example:

http://www.openbsd.org/security.html

--
Kevin

Someone new to Linux isn't going to have experience hardening their
own boxes. The OpenBSD team is obsessed with security. In fact, they
pride themselves in the fact that the default install has had only one
remote exploit in the past seven years. While I agree with you in
theory, in practice, OpenBSD is about the toughest thing you could put
in production as far as security goes. I'd glady match a default
install against any hardened linux installation for remote exploits.

Ben Measures wrote in message news:...
> Keith Kris wrote:
> > [snip] and OpenBSD is probably the most secure OS with only a
> > default install
>
> If you're wanting to make a secure firewall, never rely on the "default
> install" of any general OS (distribution).
>
> The only "default install" I would even consider trusting would be of a
> dedicated firewall distribution, like
> www.smoothwall.org
> www.ipcop.org
> www.dubbele.com
>
> --
> Ben M.
>
> ----------------
> What are Software Patents for?
> To protect the small enterprise from bigger companies.
>
> What do Software Patents do?
> In its current form, they protect only companies with
> big legal departments as they:
> a.) Patent everything no matter how general
> b.) Sue everybody. Even if the patent can be argued
> invalid, small companies can ill-afford the
> typical $500k cost of a law-suit (not to mention
> years of harassment).
>
> Don't let them take away your right to program
> whatever you like. Make a stand on Software Patents
> before its too late.
>
> Read about the ongoing battle at http://swpat.ffii.org/
> ----------------

Keith Kris wrote:
> Someone new to Linux isn't going to have experience hardening their
> own boxes.

True. I never suggested that. I suggested that they get a dedicated
firewall distro rather than a general OS. This helps prevent
configuration errors (to make it into a NATing firewall).

> The OpenBSD team is obsessed with security. In fact, they
> pride themselves in the fact that the default install has had only one
> remote exploit in the past seven years.

True and very commendable.

However, since it is very close to a "disallow everything" default
install, some configuration is needed to make it route packets
(selectively), and this can be a security problem if you don't know what
you're doing.

> While I agree with you in
> theory, in practice, OpenBSD is about the toughest thing you could put
> in production as far as security goes.

True. As a general OS.

> I'd glady match a default
> install against any hardened linux installation for remote exploits.

Moot point since a default install won't (selectively) NAT packets.