On Tue, Jul 24, 2001 at 10:11:19AM -0400, Case, Benjamin wrote:
> Security, Security, Security
> SSH Daemon
> NAT (Masq)
> Port Forwarding
> Graphical (web based ?) Network Analysis
> PPPoE support
> VPN support
> Convenient Method of Configuration (Web based, GUI based ?)
[snip]
> What is the best approach to creating this Firewall. Should I start with my
> own basic install of Debian and build from there ? Is there a floppy or CD
> based image worth trying that is based on Debian ?

Install a Debian base system. In the dselect package listing, remove all packages that are not needed on a firewall, like gcc, tetex and any bad stuff like telnetd or rwhod. Then select the packages you do want: ssh, ipmasq, pppoe, mrtg, perhaps a tiny httpd for the stats. Install the packages from the dselect menu. Repeat for any other packages you later find you need or don't need.

I'm not very experienced with GUI administration and I personally don't find it convenient at all. On a security-sensitive system, you don't want to run anything more than strictly necessary, fancy configuration layers included. Just consider the various web interfaces in embedded systems, like routers and network printers, and how these are accidentally hurt by IIS sploit requests.

Remember to "netstat -at" and to mercilessly remove any service that you did not put there yourself with the express intent to respond to arbitrary people on the internet.

There exists a debian-firewall list, iirc. Try searching the archives of that list and posting there, it likely has a better yield.

Cheers,
Joost
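
The `netstat -at` check from the reply above, as an added example that is not part of the original message: a small filter that reports every TCP listener not on an explicit allowlist. The allowlist contents, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Services this firewall is meant to offer. Assumption for the example: ssh,
# plus www for a small stats httpd. Names must match what netstat prints
# (service names here; port numbers if you run `netstat -ant`).
ALLOWED="ssh www"

# Read `netstat -at` output on stdin and print "scope service local-address"
# for every TCP socket in LISTEN state whose service is not in the allowlist.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (port in ok) next
            # Loopback-bound sockets are not reachable from the internet,
            # but are still reported so they can be reviewed.
            lo = (addr ~ /^(localhost|ip6-localhost|127\.)/ || addr == "::1" || addr == "[::1]")
            scope = lo ? "loopback" : "exposed"
            print scope, port, $4
        }'
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:www                   *:*                     LISTEN
tcp        0      0 *:telnet                *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN
tcp        0      0 0.0.0.0:sunrpc          0.0.0.0:*               LISTEN
tcp        0      0 fw:ssh                  admin:1022              ESTABLISHED
EOF
}

# On a real host: netstat -at | unexpected_listeners "$ALLOWED"
sample_netstat | unexpected_listeners "$ALLOWED"
```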