Minix3 Firewall? - Minix

This is a discussion on Minix3 Firewall? - Minix ; I looked around in the Minix3 "man pages" and, of course, did some searches, but couldn't find anything that appeared to support the creation of a firewall on Minix3 (e.g., 'iptables', ...). Is something available? Sorry if I missed the ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Minix3 Firewall?

  1. Minix3 Firewall?

    I looked around in the Minix3 "man pages" and, of course, did some
    searches, but couldn't find anything that appeared to support the
    creation of a firewall on Minix3 (e.g., 'iptables', ...).

    Is something available?

    Sorry if I missed the obvious ...

    Thanks!
    --
    Prof Kenneth H Jacker khj@cs.appstate.edu
    Computer Science Dept www.cs.appstate.edu/~khj
    Appalachian State Univ
    Boone, NC 28608 USA

  2. Re: Minix3 Firewall?

    Kenneth Jacker wrote:
    > I looked around in the Minix3 "man pages" and, of course, did some
    > searches, but couldn't find anything that appeared to support the
    > creation of a firewall on Minix3 (e.g., 'iptables', ...).


    Look at the serv.access(5) man page. It shows how you can restrict
    access to the various services whose daemons are started by tcpd, such
    as ftp, telnet, http, and the deprecated insecure rsh and rcp services.

    There also is a tcpd.8 man page that is not in the current Minix 3
    CD-ROM image (3.1.2a), since it was written after that release was
    posted. It should be in the next package. It and several other new or
    updated man pages are available on my site, read
    http://minix1.woodhull.com/current/2...es/man0606.txt
    for more info or just download the tarball,
    http://minix1.woodhull.com/current/2.../man0606.tar.Z

    For sshd, which is not controlled by tcpd, there is an sshd_config
    file. There are a number of man pages related to ssh and sshd, use
    "apropos ssh" to see what is available. I haven't worked much with ssh
    on Minix myself. Most connections are local on my home network and
    telnet is adequate, so I haven't explored security settings for sshd.

    - Al


  3. Re: Minix3 Firewall?

    aw> Look at the serv.access(5) man page ...
    aw>
    aw> There also is a tcpd.8 man page that is not in the current Minix 3
    aw> CD-ROM image (3.1.2a), since it was written after that release was
    aw> posted. It should be in the next package. ...
    aw>
    aw> For sshd, ... there is an sshd_config file.

    OK, Minix appears to be like the "old systems" ... before 'ipchains',
    'iptables', ... were available. They certainly provide a more
    centralized and easier solution.

    Maybe I'll just have to put a *physical* firewall between the Minix3
    machines and the Internet.

    Thanks, Al!

    -Kenneth

  4. Re: Minix3 Firewall?

    Kenneth Jacker wrote:

    > Maybe I'll just have to put a *physical* firewall between the Minix3
    > machines and the Internet.


    I wouldn't rely on a firewall entirely - a firewall is no substitute for
    being aware of the services, being sensible with user security and
    keeping an eye open - unless the stack is full of holes (which I don't
    know if it is or not!).

    Mind you, I've had an unfirewalled Sparc 5 running NetBSD on the public
    internet for 8 years now (currently running 1.5.2 with telnet, sendmail
    and apache wide open!) and its never been cracked. Sure I get attempts
    but none are successful.

    Chris Smith
    http://christhetechie.org.uk/


+ Reply to Thread