Re: [suse-security] Making SuSE 9.1 a router?? HOW??
On Saturday 25 September 2004 02:02 pm, melissad wrote:
> Am reading the docs on iptables now. It seems then that I have what I need for the interfaces. I will reconfigure the Cisco router behind that and play with some connectivity.

www.shorewall.net Makes Iptables easy, and much more flexible than the SuSE firewall.

You may find you don't need the Cisco anymore and can hook the SuSE box directly to the internet.

-- 
_____________________________________
John Andersen

> www.shorewall.net Makes Iptables easy, and much more flexible than the SuSE firewall.

Does it run on 2.6? If you know both, can you give some more info on shorewall?

Thanks,

Volker

-- 
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.

On Saturday 25 September 2004 03:55 pm, Volker Kuhlmann wrote:
> > www.shorewall.net Makes Iptables easy, and much more flexible than the SuSE firewall.
>
> Does it run on 2.6? If you know both, can you give some more info on shorewall?

Shorewall does not "RUN" on anything.

Like SuSE firewall, its only job is to set up and manage your iptables rules in a more user-friendly and intuitive way. Once shorewall loads your rules into it's not running any more.

So if you run iptables, Shorewall makes it easier to set up and maintain, and adjust.

-- 
_____________________________________
John Andersen

> Shorewall does not "RUN" on anything.
>
> Like SuSE firewall, its only job is to set up and manage your iptables rules in a more user-friendly and intuitive way.

Yes, what I meant was how it compares to susefirewall2 in your experience? You did imply it was better, would you be able to post a 1-paragraph review?

Thanks,

Volker

-- 
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.

John,

Am reading through the extensive documentation, some 400 pages.
There are a lot of versions, with at least 2.9 being not yet stable.

What version are you running with 64 bit? I downloaded 2.8 rpm, but there is a patch and no instructions on what to do with it? If you have done this one, did you patch, and if so how?

melissa

On Sat, 2004-09-25 at 22:33, John Andersen wrote:
> On Saturday 25 September 2004 02:02 pm, melissad wrote:
> > Am reading the docs on iptables now. It seems then that I have what I need for the interfaces. I will reconfigure the Cisco router behind that and play with some connectivity.
>
> www.shorewall.net Makes Iptables easy, and much more flexible than the SuSE firewall.
>
> You may find you don't need the Cisco anymore and can hook the SuSE box directly to the internet.

On Sunday 26 September 2004 08:38 am, melissad wrote:
> John,
>
> Am reading through the extensive documentation, some 400 pages.
> There are a lot of versions, with at least 2.9 being not yet stable.
>
> What version are you running with 64 bit? I downloaded 2.8 rpm, but there is a patch and no instructions on what to do with it? If you have done this one, did you patch, and if so how?
>
> melissa

I'd think twice about the RPM. I always build from tarballs on SuSE, because for some reason, his rpms often have a problem with something in SuSE's distro.

It's a very simple install.

As for the docs - just go to his quick start guide, download the Two Interface example and step thru that configuration.

There are tons of esoteric examples for oddball situations that you might run into in a large complex corporate environment, but most small installations just use the two interface example or the three interface example if you need a DMZ.

I always stay one release behind his current development release, but Tom's idea of Unstable is a little odd, because all the normal stuff works in his "unstable" release; it's just that he may have new features that have not quite jelled yet.

Again, Shorewall only loads iptables, so once the rules are loaded into iptables, it's as stable as a rock.

I find the creation and the adding of new rules for new services etc. very easy to understand, and easy to manipulate when I need to add a new inward port, or impose egress filtering to stop worms or something.

-- 
_____________________________________
John Andersen

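Added example, not part of the thread and not Shorewall's own code or output: a shell function that emits the kind of iptables-restore ruleset a front-end generates for the two-interface router layout discussed above, with one inward port opened and egress filtering applied. The interface names, LAN subnet and port lists are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. All values below are assumptions, not taken from the thread.
EXT_IF="${EXT_IF:-eth0}"                # Internet-facing NIC (assumed name)
INT_IF="${INT_IF:-eth1}"                # LAN-facing NIC (assumed name)
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # LAN subnet (assumed)
INBOUND_TCP="${INBOUND_TCP:-22}"        # TCP ports opened on the router itself
EGRESS_BLOCK_TCP="${EGRESS_BLOCK_TCP:-25 135 139 445}"  # LAN->Internet ports to drop

# Print a complete ruleset in iptables-restore format on stdout.
# Nothing stays resident: once the kernel has the rules, the generator is done.
gen_ruleset() {
    # NAT table: hide the LAN behind the external address.
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A POSTROUTING -s $LAN_NET -o $EXT_IF -j MASQUERADE"
    echo "COMMIT"
    # Filter table: default-deny for traffic to and through the router.
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -i $INT_IF -s $LAN_NET -j ACCEPT"
    # "Add a new inward port": one NEW-connection rule per listed port.
    for p in $INBOUND_TCP; do
        echo "-A INPUT -i $EXT_IF -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Egress filtering: these DROPs must precede the general LAN->Internet ACCEPT.
    for p in $EGRESS_BLOCK_TCP; do
        echo "-A FORWARD -i $INT_IF -o $EXT_IF -p tcp --dport $p -j DROP"
    done
    echo "-A FORWARD -i $INT_IF -o $EXT_IF -s $LAN_NET -j ACCEPT"
    echo "COMMIT"
}

# Review the output first:  sh router-rules.sh print
# Load it as root with:     sh router-rules.sh print | iptables-restore
# Routing also needs:       sysctl -w net.ipv4.ip_forward=1
if [ "${1:-}" = "print" ]; then
    gen_ruleset
fi
```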
Great info, thanks. Have also discovered the same << rpm >> trouble with the Opera and Firefox browsers. Am going to have to install from tarball there also.

melissa

On Mon, 2004-09-27 at 05:33, John Andersen wrote:
> On Sunday 26 September 2004 08:38 am, melissad wrote:
> > John,
> >
> > Am reading through the extensive documentation, some 400 pages.
> > There are a lot of versions, with at least 2.9 being not yet stable.
> >
> > What version are you running with 64 bit? I downloaded 2.8 rpm, but there is a patch and no instructions on what to do with it? If you have done this one, did you patch, and if so how?
> >
> > melissa
>
> I'd think twice about the RPM. I always build from tarballs on SuSE, because for some reason, his rpms often have a problem with something in SuSE's distro.
>
> It's a very simple install.
>
> As for the docs - just go to his quick start guide, download the Two Interface example and step thru that configuration.
>
> There are tons of esoteric examples for oddball situations that you might run into in a large complex corporate environment, but most small installations just use the two interface example or the three interface example if you need a DMZ.
>
> I always stay one release behind his current development release, but Tom's idea of Unstable is a little odd, because all the normal stuff works in his "unstable" release; it's just that he may have new features that have not quite jelled yet.
>
> Again, Shorewall only loads iptables, so once the rules are loaded into iptables, it's as stable as a rock.
>
> I find the creation and the adding of new rules for new services etc. very easy to understand, and easy to manipulate when I need to add a new inward port, or impose egress filtering to stop worms or something.

On Sunday, 26 September 2004 18:38, melissad wrote:
> John,
>
> Am reading through the extensive documentation, some 400 pages.
> There are a lot of versions, with at least 2.9 being not yet stable.
>
> What version are you running with 64 bit? I downloaded 2.8 rpm, but there is a patch and no instructions on what to do with it? If you have done this one, did you patch, and if so how?
>
> melissa

[ snip ]

> www.shorewall.net Makes Iptables easy, and much more flexible than the SuSE firewall.

The discussion about ShoreWall and SuSEfirewall2 needs to hear about FIAIF, I think. FIAIF Is An Intelligent Firewall (what the 5 letters mean).

After I was through the SuSEfirewall2 docs I headed to ShoreWall and found it too big. Freshmeat mentioned http://www.fiaif.net , which is a script configured by a handful of configuration files, easy to fill, easy to understand. The different networks are described in "zones" (not new, I know). The meta-language for the rules, the fiaif script generates the iptables from, is easy to understand and even after weeks easy to maintain ...

I run it on a router based on SuSE 9.0 with 3 NICs, applied a simple header (SuSE-style) for the /etc/init.d/fiaif script, made a link in /sbin to rcfiaif. Complete SuSE feeling (start stop status restart ... YaST-Runlevel-Editor...).

You should give it a try, the .pdf doc is 32 pages, the .html faq config etc is small. But it will not configure your NICs.

Fun and success

Christoph

-- 
-- hanslik@hanslux.de -- << -- http://www.hanslux.de -- <<

participants (4)
- Christoph Hanslik
- John Andersen
- melissad
- Volker Kuhlmann