Steve - I found the install and configuration of firewall 2.0 very easy - Marc wrote great ducumentation. But I'm using it on a home network where I'm denying all incoming traffic, and I've disabled all services on the standard ports. I'm providing no external services from my machine or network, so it's pretty simple. I spent some time with v 1.4 and found it more difficult than v 2.0 - Steve --- "Steven T. Hatton" <hattons@cpkwebser5.ncr.disa.mil> wrote:
Steve,
Wish I could help here. I might try running something which sleeps for a second and then checks the the ipaddress against a stored value. I am just one better than a novice when it comes to this stuff. If I said much more I would probably be doing more harm than good.
You may have inadvertently helped me a lot. I just fetched the firewall 2.0. I spent the last 20 hours on 1.4 and am not quite ready to take on 2.0 Today. Was it easy to configure? Do you have any pointers?
Steve
Stephen nyc wrote:
Folks -
I'm running Suse Firewall 2.0 and the roaring-penguin PPPOE client with great success so far. The only difficulty I have is if my dsl connection is lost, pppd restarts it, but I need to restart the firewall after the new ip address is in place. Where should I put the firewall restart call? ip-up? where (I'm a true script novice)? Somewhere else?
(It's nice to know that if the dsl drops and is reestablished the firewall shutsdown everything)
TIA
- Steve __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
__________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
Steve, I too am running at home. When we finally get fixed IP addresses from BA, I hope to set up a proxy that will allow selected communication between my systems and the outside world. I burned too much time on getting this thing running as it currently does, for me to go off and start tinkering with it right now. This subject of firewalls and proxies is both interesting and important. I actually see a day when each computer will stand up to internet exposure without the need for firewalls. The analogy I use for this is the Town of Ansbach Germany. Ansbach is some 1200 years old. It has a wall around the original town center. This is how the town's folk kept the bad guys out. If you were inside the wall you probably didn't need to worry too much about locking your house down; you could trust your neighbors. As the need for easy flow of goods in and out of the Town increased and the threat from rival principalities decreased, the wall became an artifact of the past and everybody became responsible for his own security. Anybody who has ever attempted to build really cool network solutions inside a firewall understands how much of a PITA it can be to have to go begging for a port form the gate keeper. Understanding how to control the flow of network traffic is a very important and challenging subject. Not to mention lucrative! Steve Stephen nyc wrote:
Steve -
I found the install and configuration of firewall 2.0 very easy - Marc wrote great ducumentation.
But I'm using it on a home network where I'm denying all incoming traffic, and I've disabled all services on the standard ports.
I'm providing no external services from my machine or network, so it's pretty simple.
I spent some time with v 1.4 and found it more difficult than v 2.0
- Steve
--- "Steven T. Hatton" <hattons@cpkwebser5.ncr.disa.mil> wrote:
Steve,
Wish I could help here. I might try running something which sleeps for a second and then checks the the ipaddress against a stored value. I am just one better than a novice when it comes to this stuff. If I said much more I would probably be doing more harm than good.
You may have inadvertently helped me a lot. I just fetched the firewall 2.0. I spent the last 20 hours on 1.4 and am not quite ready to take on 2.0 Today. Was it easy to configure? Do you have any pointers?
Steve
Stephen nyc wrote:
Folks -
I'm running Suse Firewall 2.0 and the roaring-penguin PPPOE client with great success so far. The only difficulty I have is if my dsl connection is lost, pppd restarts it, but I need to restart the firewall after the new ip address is in place. Where should I put the firewall restart call? ip-up? where (I'm a true script novice)? Somewhere else?
(It's nice to know that if the dsl drops and is reestablished the firewall shutsdown everything)
TIA
- Steve __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
__________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
I too am running at home. When we finally get fixed IP addresses from BA, I hope to set up a proxy that will allow selected communication between my systems and the outside world. I burned too much time on getting this thing running as it currently does, for me to go off and start tinkering with it right now. This subject of firewalls and proxies is both interesting and important. I actually see a day when each computer will stand up to internet exposure without the need for firewalls.
At that point, every machine will be its own firewall. Far from having gotten rid of them, we will have proliferated them. Running the firewall on a separate dedicated machine serves at least five purposes, ONE of which we can reasonably hope will someday go away. 1. It lets us run inherently insecure systems (e.g. Windows 95) with acceptable security. This, we can hope, will someday become a non-issue. 2. It lets us put the processing burden of security on ONE machine. 3. It lets us run insecurely CONFIGURED systems with acceptable security. This is an important point. Not everyone is intellectually or emotionally prepared to deal with a securely-configured computer. 4. It gives us a single point of control for who is allowed to connect remotely, and from where. This also is an important point, for some people (mostly companies and government, not individuals). 5. As securiity flaws are discovered, it allows us to apply the emergency patches to only a few systems, rather than every system on our network (over 5,000 systems at my employer). -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (3)
-
hattons@cpkwebser5.ncr.disa.mil -
stephennyny@yahoo.com -
warrl@blarg.net