
Re: Create a canned "Firewall Build"



Peter,

I think it depends on the environment one finds oneself in.  My first dive 
into a unix based firewall was e-smith (http://www.e-smith.org).  E-smith was 
basically a stripped down version of redhat,  providing a variety of services 
to a small lan.  These services include a time server,  smb (each user can 
get his or her own "ibay" which is also published on the web).  The server 
was preconfigured to do dhcp,  ipchains etc. etc.

Is this an ideal firewall?  Nah.  And I've since then (this was about 4 years 
ago) moved on to bigger and better things (firewall w/ openbsd + 3 nics for 
dmz with my servers in it (although of course the smb server is internal)).  

The e-smith firewall was online for 2 years without getting broken into or 
anything of the sort.  

Steve

On Thursday 21 February 2002 08:55, Peter wrote:
> That's a good one. A firewall shouldn't have any user accounts (besides
> your own) and on a firewall you shouldn't run anything besides nat and pf.
> Otherwise it wouldn't be a firewall anymore.
> I'm kind of afraid to hear next that somebody is running smbd/nmbd on
> his firewall :-)))
> Peter
>
> > >> Each user's files by default can be read by another user.  Change the
> > >> umask.
> > >
> > > irrelevant to system security.  so what if joe can read john's files?
> > > that's no closer to root.  the only umask that matters is root.  and if
> > > you're messing around as root, you should triple check everything you do
> > > anyway.
> >
> > if this is supposed to be a distribution of OpenBSD for firewalls, why
> > would it have a bunch of users on the system whom you have to play nanny
> > to?
> >
> > --Matt

