newbie question (LOG problem)
Ralf Gross
Ralf-lists@ralfgross.de
Fri, 25 Jan 2002 14:52:42 +0100 (CET)
>To say the truth I'm not sure about what to discard and to accept.
>I'm studying tutorials and howtos to understand but I think I'll need a lot
>of time.
Understanding TCP/IP and networking basics (protocols, services like ftp,
dns...) is essential for building firewalls - even at home. I learn
something new every day ;-)
http://www.netfilter.org/documentation/index.html#HOWTO
http://www.netfilter.org/documentation/index.html#FAQ
http://www.netfilter.org/links.html
http://www.blood-thirsty-barbarians.de/Firewall.html
http://nic.com/~dave/SecurityAdminGuide/
http://www.stokely.com/unix.sysadm.resources/security.html
>Let's say I want to use my firewall only for a workstation Linux box (no
>server services) and that I would like other people to see my PC's ports as
>stealth, or at least as closed, what type of packets should I accept?
First of all, I would shut down all unnecessary services/servers, e.g. ftpd.
It's a workstation, you don't need them. Some Linux distributions install
services you don't need (Install EVERYTHING? YES/SURE ;-). Have a look at
/etc/inet.conf and use ps or netstat to list running/listening processes.
If there is nothing listening on a network port...maybe you don't need a
firewall.
If you want to use a firewall, have a look at the links above.
>How can I test my firewall? Nmap to 127.0.0.1?
I think this won't check all your rules. I use a second PC for testing the
rules of my external interface. There are also some websites that offer a
portscan service, but I heard that some of them are not very reliable...
Ralf
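
The listener audit suggested in the message above, as an added example that is not part of the original post: it reads `netstat -tuln` output and separates sockets bound only to loopback from those reachable over the network, which are the ones a scan of 127.0.0.1 cannot vouch for and a second machine should probe. The function names are hypothetical, the net-tools column layout is assumed, and the sample input is constructed.

```shell
#!/bin/sh
# Added example. Assumes the net-tools `netstat -tuln` column layout:
#   Proto Recv-Q Send-Q Local-Address Foreign-Address [State]

# classify_listeners (hypothetical name): read netstat output on stdin and
# print "<proto> <port> <scope>", where scope is "loopback" or "network".
classify_listeners() {
    awk '
        $1 !~ /^(tcp|udp)6?$/ { next }           # skip banner and header lines
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }   # TCP: listening sockets only
        {
            addr = $4
            n = split(addr, parts, ":")
            port = parts[n]                      # port follows the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "network"
            print $1, port, scope
        }'
}

# network_ports (hypothetical name): only the sockets other hosts can reach.
# These are what the firewall rules on the external interface have to cover.
network_ports() {
    classify_listeners | awk '$3 == "network" { print $1 "/" $2 }'
}

# Constructed sample input (not captured from a real system).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# On a live system: netstat -tuln | network_ports
printf '%s\n' "$SAMPLE" | network_ports
```

An empty result from `network_ports` is the "nothing listening on a network port" case described in the message.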