OK, I see that this might be flamebait ...

On Tuesday 03 July 2012 23:19:06 lina wrote:
> Hi,
>
> I don't know which firewall (http://wiki.debian.org/Firewalls) I should
> choose.
>
> Thanks ahead for recommendation, and it will be very nice if you tell
> me why you recommend this one.
>
> Best regards,

It seems that you want a firewall on the computer which you are working with. As regards closing unnecessary ports or limiting them to localhost, Joe gave good advice already.

Some may call me a security paranoid and a control freak but ... I'm afraid that learning about IPtables is necessary before one is able to appreciate what the higher layer of administration s/w does to it. A firewall frontend may deceive you into thinking that you have full control over the firewall while it does things that the frontend developer THINKS you want - but do you?

E.g. for some years I was using Webmin to maintain my servers until it did atrocious things to my Samba configuration. Now I'm a lot more wary and double check against the config files. Backups and etckeeper (using git) help to avoid catastrophes.

I personally do not think much of firewalls which reside on the same machine which I want to protect. I'd choose an older PC to play with and install OpenBSD on it. Then set up a firewall - you might even have a look at a bridging firewall if you want to make it invisible to the network. As long as you have keyboard and screen access to the machine you won't need a third network port for maintenance, although it comes in handy for upgrades.

http://www.openbsd.org/faq/faq6.html#Bridge
http://bio3d.colorado.edu/tor/sadocs/tcpip/bridge.html#what%20is%20a%20bridging%20firewall

see also:
Firewalling with OpenBSD's PF packet filter
Peter N. M. Hansteen

To get started with OpenBSD:
"Secure Architectures With OpenBSD" by Palmer and Nazario

The OpenBSD documentation is excellent and very helpful.

Later when everything is working as planned and if I'm tight on office space I'd get one of those Soekris boxes or similar and install my firewall there. Then you can tuck it safely under your desk.

I once tried out a GUI to handle my OpenBSD firewall but gave it up and I do prefer editing the pf.conf file with vim.

I installed Denyhosts on the firewall as well.
There is no OpenBSD port for it but setup is easy with the Denyhosts documentation. It is quite funny to see all the attempts to break into your box on port 22. Changing SSH to another port quiets this immediately.

Kind regards

Eike