There is an excellent book on just this topic by a fellow named Robert L. Ziegler, published by New Riders and called _Linux Firewalls_. A good general discussion of the issues and a couple of good recipes.

Also some useful resources at openna.com; Gmourani's book has some ipchains recipes as well.

mike

On Sat, 4 Nov 2000, Troy Telford wrote:
> Having looked and not found, I'm asking here:
>
> Is there any place where I can find a general ruleset for a firewall?
>
> And, moreover, while many howto's mention how to specify a rule for a
> ruleset, they do not specify *what* rules are good/bad/ugly, etc.
>
> For instance:
>
> Even though packets coming from an FTP port are allowed (supposedly to
> allow FTP downloads...), apt-get is unable to function properly.
>
> Moreover, I have no idea what a 'good' ruleset to simply allow FTP
> requests from my machine (such as those made by an FTP client on my
> machine, apt-get, etc.) are reasonably secure. And, in my case, I have
> incoming FTP disabled, but is there a way to block packets at the
> firewall (from people requesting FTP services on my computer), while
> allowing my FTP requests to go unhindered?
>
> In fact, I couldn't really find any good information on general firewall
> construction. I could find information on how to set a rule for the
> firewall; but now I need to find information on *what* kind of rules are
> good, and why (and what is bad, and why).
>
> Another Example: From what I understand, all TCP/UDP ports above 1024
> are 'user' ports, and have no services attached to them. What kind of
> possible security problems/other risks are involved by having these
> ports essentially 'open' to the world? What is the tradeoff with
> closing them off?
>
> For my particular situation, the computer is connected directly to the
> internet on a campus network. I want to be able to have a good 'basic'
> firewall ruleset that will allow me to do my normal tasks as though
> there were no firewall active, yet filter out all incoming connection
> requests (such as telnet, ftp, etc.). I'm running kernel 2.4.0-test9; I
> have iptables figured out and can apply rulesets just fine. It's
> knowing what rules make sense and what ones don't that I need help on.
>
> I'm more interested in learning how to create a good firewall than
> simply having one. (So I can make one from scratch should I ever have a
> specific need).
>
> Thanks for any help offered. I hope I didn't run in too many circles!
>
> -Troy
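The kind of "basic" workstation ruleset Troy asks about (outbound traffic works as if there were no firewall, new inbound connection requests are dropped, outbound FTP including active-mode data connections keeps working), written as an added example for this thread rather than taken from either post or from Ziegler's book. It assumes an iptables with the `state` match and the 2.4-era `ip_conntrack_ftp` helper module; the `IPT` and `MODPROBE` variables default to a dry run that only prints the commands, so it can be previewed without root.

```shell
#!/bin/sh
# Added example (not from the original thread): a minimal stateful
# workstation ruleset for a host connected directly to the internet.
# IPT defaults to a dry run that prints the commands; set
# IPT=/sbin/iptables MODPROBE=/sbin/modprobe and run as root to apply.
IPT="${IPT:-echo iptables}"
MODPROBE="${MODPROBE:-echo modprobe}"

# Load the FTP connection-tracking helper (ip_conntrack_ftp on 2.4
# kernels; later kernels call it nf_conntrack_ftp). With it loaded, the
# data connection an FTP server opens back to us in active mode is
# classified as RELATED to our outbound control connection, which is
# why a single stateful rule is enough to make apt-get over FTP work.
load_ftp_helper() {
    $MODPROBE ip_conntrack_ftp
}

# Emit the complete ruleset, one command per line.
generate_rules() {
    # Start from a clean slate.
    $IPT -F
    $IPT -X

    # Default policies: nothing comes in unless a rule allows it, nothing
    # is forwarded (this is a workstation, not a router), anything may go out.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Local programs talk to each other over loopback; always allow it.
    $IPT -A INPUT -i lo -j ACCEPT

    # The key rule: accept packets that belong to a connection this host
    # started (ESTABLISHED) or that the kernel links to one (RELATED:
    # ICMP errors, FTP data connections). Because the INPUT policy is DROP,
    # an unprivileged port above 1024 is only reachable from outside while
    # one of *our* connections is using it; it is not "open to the world".
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New inbound TCP connection attempts (telnet, ftp, ...) would already
    # fall through to DROP; log them first, rate-limited so a port scan
    # cannot fill the log, so you can see who is knocking.
    $IPT -A INPUT -p tcp --syn -m limit --limit 5/minute -j LOG --log-prefix "FW-NEW-IN: "
    $IPT -A INPUT -p tcp --syn -j DROP
}

# Number of iptables commands the ruleset consists of (useful when
# comparing a dry run against `iptables -L -n` after applying).
rule_count() {
    generate_rules | wc -l | tr -d ' '
}

load_ftp_helper
generate_rules
```

Run it as `sh fw.sh` to print the commands, and as `IPT=/sbin/iptables MODPROBE=/sbin/modprobe sh fw.sh` (as root) to apply them; `iptables -L -n -v` afterwards shows the counters climbing on the ESTABLISHED,RELATED rule when apt-get or an FTP client is active, and the `FW-NEW-IN:` lines in the kernel log show the incoming connection requests being refused. On current kernels `-m conntrack --ctstate ESTABLISHED,RELATED` is the preferred spelling of the same rule.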