Why not dump SuSEFirewall2 altogether and try something like ShoreWall - www.shorewall.net? Took me 17 minutes (including reading the docs !!!!) to get a fully functional firewall.

Jon

=> -----Original Message-----
=> From: Togan Muftuoglu [mailto:toganm@dinamizm.com]
=> Sent: Monday, 30 December 2002 18:42
=> To: suse-linux-e@suse.com
=> Subject: Re: [SLE] Firewall advice
=>
=>
=> * Derek Fountain; <derekfountain@yahoo.co.uk> on 30 Dec, 2002 wrote:
=> >
=> >My question is, where do I go from here? I don't know much about the SuSE
=> >firewall, or how to harden the box against attack. I'd like it to spin down
=> >the hard disk (which presumably it doesn't need much in its limited role) to
=> >reduce noise and power consumption.
=>
=> For a detailed documentation of SuSEfirewall2
=> http://sourceforge.net/project/showfiles.php?group_id=42064&release_id=127876

Now for hardening the box SuSE 8.1 is not the ideal SuSE version I am afraid, as harden_SuSE package barks saying that it is not for 8.1 and Bastille Linux project is not fully functional on SuSE 8.1. Hence I have not been using 8.1 on my production servers yet. I am still on 7.3.
Anyone else used SuSE-8.1 as a dedicated firewall? What configurations did you make to get it as hard and efficient as possible?
Nevertheless, make sure you do not have any unnecessary services running on the firewall. Set the security label paranoid (note that many things can be dysfunctional, so be careful with this). Do not log in to your firewall box; if administration is mandatory on the firewall box then use ssh with public key. If there are services running that are available to public, i.e. webserver, mail server, then chrooting them is a good idea.

Hope these help

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx