I did check Firestarter out yesterday on the old box which will serve as
the firewall. Found it somewhat odd, in that when I'd activate the
firewall it didn't look as if iptables was running. Also, it didn't
look granular enough (from my quick overview) for what I want to do,
very specific rules. Perhaps I'm wrong. If you use Firestarter, do you
think it's detailed enough for my needs (see below)?
Don Campbell wrote:
Look into Firestarter:
http://firestarter.sourceforge.net/index.php
GUI setup, a knowledgeable group who contribute to a very helpful
email list. Your needs sound like they're for a very high level
of security. You probably should also look into ways of hardening
the machine that is the firewall.
Kevin F. Berrien wrote:
I'm interested in building a bastion firewall for the following
situation. Have a closed network (police dept). There are no
crosses to the internet. However, we'd like VERY LIMITED access by
the Windows DC server for the following: Windows update (via SUS),
Symantec AV updates, VNC/or remote desktop connection to 1 or 2
workstations on our WAN.
Thus, I want to limit all traffic except various protocols/ports
between specific IPs/URLs.
Certainly FC and iptables can do this, does anyone recommend a
configuration utility, start off scripts, etc? Should I be looking
more into LRP (now defunct), etc? My iptables knowledge is not great
(did it years ago), so some configuration utility would be great, and
my co-workers aren't experienced in this area at all.
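
A start-off script for the kind of setup described in the thread, added here as an example and not posted by anyone in the thread: it turns a short allowlist into a default-deny ruleset in iptables-restore format. Every address is a constructed placeholder, and because iptables matches IP addresses rather than URLs, the update servers are assumed to be reachable at fixed IPs.

```shell
#!/bin/sh
# Added example: default-deny forwarding rules built from an allowlist.
# All addresses are constructed placeholders (10.0.0.x = closed network).

# Allowlist columns: source  destination  protocol  dest-port  note
ALLOWLIST='
10.0.0.10   192.0.2.10     tcp 80    dc-to-update-server-http
10.0.0.10   192.0.2.10     tcp 443   dc-to-update-server-https
10.0.0.10   198.51.100.20  tcp 80    dc-to-av-definitions
203.0.113.5 10.0.0.21      tcp 3389  admin-rdp-to-workstation-1
203.0.113.5 10.0.0.22      tcp 5900  admin-vnc-to-workstation-2
'

gen_rules() {
    echo '*filter'
    # Default-deny on every chain: the firewall box itself accepts and
    # originates nothing, so it is administered from the console only.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Loopback for local processes on the firewall.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Return traffic for connections an allowlist entry opened.
    echo '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo "$ALLOWLIST" | while read -r src dst proto dport note; do
        [ -z "$src" ] && continue   # skip blank lines
        echo "-A FORWARD -s $src -d $dst -p $proto --dport $dport -m state --state NEW -j ACCEPT"
    done
    # Log what falls through, rate-limited, before the DROP policy applies.
    echo '-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "'
    echo 'COMMIT'
}

gen_rules
```

Piping the output through `iptables-restore --test` as root parses the rules without loading them; drop `--test` to apply.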