Linux: Has anyone tried the Bastille firewall?

Post 1 of 8

Has anyone tried the Bastille firewall?

by chuckieu - 2/28/04 11:44 AM

I am concerned that the standard firewall included with RH9 seems porous. Even on the HIGH setting, I have 2 open ports (2 that could do some damage). Also, all my ports are closed (good), but not blocked (bad). While concerned while using dial-up, I really want to pin this down before my DSL modem gets here next week. Downloaded the Bastille 2.1.1, but won't install until I know more about it.
Continuing to read about Linux firewalls, but haven't run across info about closing individual ports. TIA chuck

Post 2 of 8

Re:Has anyone tried the Bastille firewall?

by R. Proffitt Moderator - 2/28/04 12:16 PM In reply to: Has anyone tried the Bastille firewall? by chuckieu

You may be confusing Windows issues with Linux. Let's say that you need to look at the manual pages of:

portmap
inetd

In short, when a packet arrives, inetd launches the specific program. If you don't have a matching program to launch, then there's no need to firewall off that port...

It's a different world, and you don't need to do much more than look deeply at inetd and its configuration to see what port you want to stop responses to...

Bob
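The advice above is to audit inetd's configuration rather than guess from a port scan. The following shell script is an added example, not something posted in the thread: it lists every inetd service that is actually enabled (not commented out) and maps each to its port via /etc/services. The inetd.conf and services files below are constructed samples written to a temporary directory; the function names and the sample entries are assumptions, and you would point the function at the real /etc/inetd.conf and /etc/services on a live RH9-era box.

```shell
# Added example (not from the thread): find enabled inetd services and the
# ports they answer on. Sample config files are constructed below so the
# script runs offline; substitute the real /etc/inetd.conf and /etc/services.

TMPD=$(mktemp -d)

cat > "$TMPD/inetd.conf" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root   /usr/sbin/tcpd  in.ftpd -l -a
#telnet stream  tcp  nowait  root   /usr/sbin/tcpd  in.telnetd
finger  stream  tcp  nowait  nobody /usr/sbin/tcpd  in.fingerd
#shell  stream  tcp  nowait  root   /usr/sbin/tcpd  in.rshd
EOF

cat > "$TMPD/services" <<'EOF'
# constructed sample /etc/services excerpt
ftp     21/tcp
ssh     22/tcp
telnet  23/tcp
finger  79/tcp
sunrpc  111/tcp   portmapper
shell   514/tcp   cmd
EOF

# Print "service port/proto program" for every non-commented inetd entry.
# A service listed here answers on its port regardless of firewall rules,
# so this is the list to compare against a port scan of the box.
active_inetd_services() {
    conf=$1; svc=$2
    awk -v svcfile="$svc" '
        BEGIN {
            # build name -> port/proto from the services file
            while ((getline line < svcfile) > 0) {
                if (line ~ /^#/ || line == "") continue
                split(line, f, /[ \t]+/)
                port[f[1]] = f[2]
            }
        }
        /^#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            p = ($1 in port) ? port[$1] : "unknown"
            print $1, p, $7                 # $7 is the server program column
        }' "$conf"
}

# Number of enabled inetd services; on a standalone box the goal is zero.
enabled_count() {
    active_inetd_services "$1" "$2" | wc -l | tr -d ' '
}

active_inetd_services "$TMPD/inetd.conf" "$TMPD/services"
```

With the sample files, only ftp (21/tcp) and finger (79/tcp) are reported; the commented-out telnet and shell entries are correctly ignored. Each reported line is a service that will respond whether or not a firewall rule exists, which is the point made above: remove the program first, then decide what still needs a rule.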

Post 3 of 8

Re:Has anyone tried the Bastille firewall?

by David Evans - 2/28/04 8:50 PM In reply to: Has anyone tried the Bastille firewall? by chuckieu

I've used Bastille for a long time. Just install iptables and the Bastille script, run it, answer the questions and you're done. If I recall correctly it gives you the choice of whether to "close" or "block" and I always chose block.

When going through the questions I don't do some things it offers to do, like usage limits.

DE

Post 4 of 8

Re:Has anyone tried the Bastille firewall?

by khurtwilliams - 2/29/04 8:46 AM In reply to: Has anyone tried the Bastille firewall? by chuckieu

The Bastille Hardening System attempts to "harden" or "tighten" Unix operating systems. It is not a firewall. The tool is meant to be used by experienced users and system administrators. More info can be found here: http://www.bastille-linux.org/

Your question seems to indicate a novice experience with Linux. I will assume you are using the GUI tool for configuring the firewall.

The fact that you have 2 ports open means that you configured the firewall with rules to allow traffic through those 2 ports. For example, I have configured my firewall to allow only port 22 (SSH).

You most likely want to answer NO to allowing ANY services if you want to close all the ports.

Post 5 of 8

Thanks, all!

by chuckieu - 2/29/04 9:31 AM In reply to: Re:Has anyone tried the Bastille firewall? by khurtwilliams

Since I started at zero, I'm still a novice in spite of all I've learned about Linux. 22 is one of the ports open, which is Telnet. I've always heard that was something you definitely want closed. While it's true I'm applying Windows values? to the problem, I'm not sure that's wrong. I want any system I have (even if it were Mac) to be as secure as I can make it without going overboard. The theory that I'm not important enough for anyone to want to hack me has caught many a user. Anyway, I'll keep studying and enjoying my Linux. chuck

Post 6 of 8

Port 22 is ssh, not telnet.

by R. Proffitt Moderator - 2/29/04 9:45 AM In reply to: Thanks, all! by chuckieu

ssh, being what it is, is the best port to use...

Bob

Post 7 of 8

Re:Port 22 is ssh, not telnet.

by chuckieu - 3/1/04 10:32 AM In reply to: Port 22 is ssh, not telnet. by R. Proffitt Moderator

Gotcha, thanks. Wonder why a list had it as Telnet.
The other one open is 111 (sun/unix remote). Not necessary on a standalone computer I'm assuming. Thanks again, Bob.
chuck

Post 8 of 8

Re:Re:Port 22 is ssh, not telnet.

by Anthony J Moulen - 3/1/04 10:50 AM In reply to: Re:Port 22 is ssh, not telnet. by chuckieu

Oh you definitely want that one closed. Unless you are using NFS or some other RPC to talk between systems, you don't need Portmap. Turn off portmap in the services and also block that, at the very least, on the internet port.
