Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: Re: Dumb newbie question

Re: Dumb newbie question

From: John Babwell <johnbabwell_at_mailcan.com>
Date: Fri, 13 Aug 2004 09:13:40 -0500

I agree that seeing many examples first is the way to go. With the help
of a good book like Linux Firewalls (Ziegler), going the 'pure' route as
a newbie is not so bad (if you have the time to do it right at least :).
Seeing a commented set of rules that makes sense is even better than
checking out a recommended ruleset.

John

p.s., new to the list, I like it so far. I'm sure this book has been
talked about at some point.. how do people feel about it in general?

On Mon, 9 Aug 2004 13:20:58 -0400
"Loomis, Rip" <GILBERT.R.LOOMIS_at_saic.com> wrote:

> I saw several other responses, but I think that they were
> all missing some critical points.
>
> > I'm just getting into [Debian] Linux and iptables - a definite
> > newbie! [...] My question is, where is the rule script stored?
> > I want to start trying my own rules but I don't know where the
> > file is to modify.
>
> You've self-assessed as a newbie, but you want to start "trying
> your own rules". Rather than starting by doing iptables rules
> directly, I'd recommend that you look at installing a package
> that will allow you to specify rules using a syntax that's easier
> to comprehend--I've had good results with the "shorewall"
> package, but there are other good ones out there.
>
> If you're really interested in security, then installing such
> a package (combined with R its FM) will make it easier to construct
> a rule set that makes sense. In my experience, teaching myself
> a packet filter by grabbing random rules off webpages and
> trying to make soup out of them can have...interesting...results.
>
> YMMV, of course--but based on your self-assessment I wouldn't
> recommend just mucking with iptables rules directly. Not saying
> it won't work, but you'd learn more quickly by letting a firewall
> package construct a ruleset for you and then going back and
> looking at the rules it put together and figuring out what each
> rule does.
>
> --
> Rip Loomis - SAIC
> Brainbench MVP for Internet Security
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards_at_honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
> 

-- 
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Aug 17 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos