Koozali.org: home of the SME Server

Legacy Forums => Suggestions => Topic started by: Michael Ray on October 23, 2000, 06:53:01 PM

Title: firewalling support ??
Post by: Michael Ray on October 23, 2000, 06:53:01 PM

What's the plan for future "firewalling" support ?

the future directions page lists "Minor or internal improvements"  "Stronger firewalling rules (deny stuffed packets, etc.)"

In the mean time, has anybody had a look at the rc.firewall script at  http://www.jsmoriss.dyndns.org/linux/firewall.html
It seems quite extensive and has been working great for me.

excerpt from site.
"rc.firewall is an ipchains-based firewall script with extensive support for network services (IPSec, VTUN, NFS, SMB, Napster, Proxies, etc.), masquerading, port forwarding (including definitions for network games), and IP accounting. All services are self-contained modules which can be prioritized and installed easily. Protections include spoofing, stuffed routing / masqerading, DoS, smurf attacks, outgoing port scans, and much more. rc.firewall also supports multiple private and public interfaces with unique rules for each interface/service. This allows the creation of a De-Militarized Zone (DMZ). rc.firewall is distributed under the General Public License (GPL) terms."

Title: RE: firewalling support ??
Post by: Dan Elkins on October 23, 2000, 07:27:48 PM

> De-Militarized Zone (DMZ).

Sorry for going off topic, but does anyone know where the origin for this term comes from?  My guess is Ghostbusters.


Dan

Title: RE: firewalling support ??
Post by: Gordon Rowell on October 23, 2000, 09:20:31 PM

Dan Elkins wrote:

> > De-Militarized Zone (DMZ).
>
> Sorry for going off topic, but does anyone know where the
> origin for this term comes from?  My guess is Ghostbusters.

Hmm - I think you'll find it is a _lot_ older than that. It was definitely
a second world war term, but probably pre-dates that. In computer
terms, it has certainly been used since the early days of firewall
design.

Here's the entry from dictionary.com:

de·mil·i·ta·rized zone (d-ml-t-rzd zn)
 n. Abbr. DMZ

       An area from which military forces, operations, and installations are
      prohibited.

Gordon

Title: RE: firewalling support ??
Post by: Gordon Rowell on October 23, 2000, 10:30:46 PM

Michael Ray wrote:

> What's the plan for future "firewalling" support ?

Firewalling on a service by service basis. I.e. when you enable a service,
the rules are modified, and similarly when you disable a service.

> [...]
>
> In the mean time, has anybody had a look at the rc.firewall
> script at  http://www.jsmoriss.dyndns.org/linux/firewall.html
> It seems quite extensive and has been working great for me.
> [...]

Yes - I know it well and naturally it fits in quite well.

Gordon