[lug] Personal Server Behind DSL Router
horlenkarl at yahoo.com
Fri Jan 12 01:32:18 MST 2007
> Not entirely true.. A good set of rules should still be doing traffic
> accounting, rate-limiting and filtering for rfc-1918, martians, bogons,
> xmas tree packets, etc. Outside of that, the logging can be invaluable.
> Getting logs showing traffic to ports that aren't supposed to be
> publicly accessible is usually one of the first ways to know someone's
> getting past your border router. NAT hacking isn't beyond the more
> advanced script-kiddies these days.
Good points. I forgot firewalls can have log rules as
well as just pure filtering.
> I haven't tried fwbuilder yet but it does look nice. Especially the
> multiplatform capabilities. Shorewall took a little while to learn the
> first time but it's been nice as a quick text based tool since I run
> nearly all my servers headless.
Are firewalls like shorewall and fwbuilder just high
level interfaces to iptables and the kernel packet
filter or are they entirely different beasts?
I ask because nobody in this thread is mentioning
iptables, which I thought was the de facto Linux
firewall. And I'm wondering if there is any benefit
to using one versus the other?
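The kind of log review the quoted reply describes, as an added example that is not part of the original thread: it reads lines in the format written by the iptables LOG target and flags RFC 1918 or martian sources arriving on the WAN side, xmas-tree TCP flags, and SYNs to ports that are not meant to be public. The interface name `eth0`, the allowed port set and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions for this example: eth0 faces the Internet and only these
# TCP ports are meant to be publicly reachable.
WAN_IF = "eth0"
PUBLIC_TCP_PORTS = {22, 80}

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# A few ranges that are never valid sources; not a complete bogon list.
MARTIANS = [ipaddress.ip_network(n) for n in
            ("0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4")]

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAG = re.compile(r"\b(SYN|ACK|FIN|RST|PSH|URG)\b")

def classify(line):
    """Return the reasons one netfilter LOG line deserves a look."""
    kv = dict(FIELD.findall(line))
    if kv.get("IN") != WAN_IF or "SRC" not in kv:
        return []  # only judge traffic arriving on the WAN side
    src = ipaddress.ip_address(kv["SRC"])
    reasons = []
    if any(src in net for net in RFC1918):
        reasons.append("rfc1918-source")
    if any(src in net for net in MARTIANS):
        reasons.append("martian-source")
    if kv.get("PROTO") == "TCP":
        # TCP flags are logged as bare words after the RES= field.
        flags = set(TCP_FLAG.findall(line.split("RES=", 1)[-1]))
        if {"FIN", "PSH", "URG"} <= flags:
            reasons.append("xmas-tree")
        if flags == {"SYN"} and int(kv.get("DPT", 0)) not in PUBLIC_TCP_PORTS:
            reasons.append("closed-port-probe")
    return reasons

# Constructed sample lines (shortened) in the kernel LOG target's format.
SAMPLE = [
    "kernel: FW: IN=eth0 OUT= SRC=192.168.1.50 DST=198.51.100.7 PROTO=TCP SPT=40000 DPT=80 RES=0x00 SYN URGP=0",
    "kernel: FW: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=40001 DPT=3306 RES=0x00 SYN URGP=0",
    "kernel: FW: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=40002 DPT=22 RES=0x00 URG PSH FIN URGP=0",
    "kernel: FW: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.9 PROTO=TCP SPT=40003 DPT=443 RES=0x00 SYN URGP=0",
    "kernel: FW: IN=eth0 OUT= SRC=127.0.0.1 DST=198.51.100.7 PROTO=TCP SPT=40004 DPT=80 RES=0x00 SYN URGP=0",
]

def report(lines):
    """List (source address, reasons) for every line that was flagged."""
    return [(dict(FIELD.findall(l))["SRC"], r) for l in lines if (r := classify(l))]

if __name__ == "__main__":
    for src, reasons in report(SAMPLE):
        print(src, ", ".join(reasons))
```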