m20bi wrote:
>
> Hi!
>
> I'm building a WebDAV/DeltaV playground for a consultant on a Linux box of
> his -- part-time job for this part-time student. On my personal Gateway (W98
> SE), I use the ZoneAlarm freeware because I have a cable modem and the
> Gateway is always connected to the Internet. ZoneAlarm is a firewall for the
> masses -- just download, install and it works without any tweaking -- or
> much understanding on my part. <g> When I run the GRC Port Probe test
> (www.grc.com) on my Gateway, everything "shows" up as running in Stealth. Makes
> me happy.
>
> Different story on the Linux box (which has its own cable connection to the
> net). Its interaction should be limited to the http (for serving and
> surfing), kibitz, irc (X-chat and BitchX) and maybe, maybe talk. (No
> email -- I'm content to use Hotmail.) When I run the GRC Port Probe on the
> Linux box, ports 25 (SMTP) and 113 (IDENT) show up as Open. The other ports
> show up as Closed -- not Stealth.
>
> Is there a simple utility I can slap on this Linux box -- similar to
> idiot-proof ZoneAlarm -- that will put all the superfluous ports in Stealth
> mode?
>
> Barbara (using Linux since September 2000)
>
> PS Do I need port 113 (IDENT) for IRC?
>
One of the things you might do is get "pmfirewall" or "seawall." Both
of these are scripts that will write your chains for you. It's a quick
way of getting something up and you can add and subtract to the chains
as you learn. There is also a hardening script called "Bastille", if I
got the spelling right. It will help shore your system up.
seawall -- http://seawall.sourceforge.net/
pmfirewall -- http://www.pointman.org/
There is also a book you can download online that is worth your while @
http://pages.infinit.net/lotus1/opendocs/book.htm
As an aside I found OpenBSD much easier to use as a firewall. I find
ipf and nat easier to understand than ipchains and masquerade.
hth,
kent
--
________________________________________________________________
"Neurosis is the way of avoiding non-being by avoiding being."
- Paul Tillich, American theologian (1886-1965).
_______________________________________________
techtalk mailing list
[EMAIL PROTECTED]
http://www.linux.org.uk/mailman/listinfo/techtalk