I have been using APF (www.rfxnetworks.com/apf.php) for a while and have found it to be a pretty flexible and well-organized way to manage my iptables stuff. Have others used this tool? If so, are they happy with it? Any problems with this tool? Anything folks think is better?
Kennedy
PS -- I know this is one of those subjects where this is "no one right answer", but I figure it would be interesting to get various viewpoints.
On 4/11/05, Aleksandar Milivojevic amilivojevic@pbl.ca wrote:
Johnny Hughes wrote:
SO ... if the box needs to do either mDNS or CUPS printer browsing, you need them enabled. If not, you can remove them.
And system-config-securitylevel is going to add them again next time it is run. IMO, the best is to remove system-config-securitylevel and do firewall configuration manually. The stuff that system-config-securitylevel is writing into /etc/sysconfig/iptables isn't exactly tight anyhow. It treats INPUT and FORWARD about the same, no per-interface control, no source address control (do you really want to enable ssh access from the Internet?), weak control of ICMP (why allow non-related ICMP messages?), no TCP flags checks, allows RELATED stuff without further checks... just to name a few things that are a must in any half-decent Linux/Netfilter based firewall configuration...
--
Aleksandar Milivojevic amilivojevic@pbl.ca
Pollard Banknote Limited, Systems Administrator
1499 Buffalo Place, Winnipeg, MB R3T 1L7
Tel: (204) 474-2323 ext 276
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
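For readers who want to see what the items Aleksandar lists (INPUT and FORWARD handled separately, per-interface and source-address restrictions, ICMP limited to what the host actually needs, TCP flag checks, RELATED accepted only per protocol) look like as a hand-written /etc/sysconfig/iptables, here is one such ruleset for a two-NIC box. This is an added example, not code from the thread, from APF, or from system-config-securitylevel; the interface names eth0/eth1, the LAN prefix 192.168.1.0/24, the chain names and the helper names are assumptions for illustration. It also includes a small lint that flags the two habits complained about above (a NEW connection accepted without naming an interface, and a blanket RELATED accept).

```shell
#!/bin/sh
# Example hand-written ruleset in iptables-restore format (not the thread's
# or any tool's own output). Assumed layout: eth0 faces the Internet,
# eth1 faces a LAN on 192.168.1.0/24. Run "./fw.sh apply" as root to load it.
WAN=eth0
LAN=eth1
LAN_NET=192.168.1.0/24

# Print the ruleset; the "#" lines are ignored by iptables-restore.
emit_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:BAD_TCP - [0:0]
:ICMP_IN - [0:0]
# TCP flag checks: impossible flag combinations and "new" connections without SYN
-A BAD_TCP -p tcp --tcp-flags ALL NONE -j DROP
-A BAD_TCP -p tcp --tcp-flags ALL ALL -j DROP
-A BAD_TCP -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A BAD_TCP -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A BAD_TCP -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A BAD_TCP -p tcp --tcp-flags ACK,FIN FIN -j DROP
-A BAD_TCP -p tcp --tcp-flags ACK,URG URG -j DROP
-A BAD_TCP -p tcp ! --syn -m state --state NEW -j DROP
# ICMP: rate-limited echo plus the error types that belong to our own connections
-A ICMP_IN -p icmp --icmp-type echo-request -m limit --limit 4/s -j ACCEPT
-A ICMP_IN -p icmp --icmp-type destination-unreachable -m state --state RELATED -j ACCEPT
-A ICMP_IN -p icmp --icmp-type time-exceeded -m state --state RELATED -j ACCEPT
-A ICMP_IN -p icmp --icmp-type parameter-problem -m state --state RELATED -j ACCEPT
-A ICMP_IN -j DROP
# INPUT: traffic to this host
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -j BAD_TCP
-A INPUT -i $WAN -s $LAN_NET -j DROP
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ICMP_IN
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i $LAN -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
-A INPUT -i $LAN -p udp --dport 631 -j ACCEPT
# FORWARD: the LAN may open connections outward, the Internet may only answer
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -p tcp -j BAD_TCP
-A FORWARD -i $WAN -s $LAN_NET -j DROP
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -m state --state RELATED -j ICMP_IN
COMMIT
EOF
}

# Lint rules read from stdin: exit 1 if a NEW connection is accepted without
# an interface, or if RELATED is accepted without a protocol qualifier.
lint_rules() {
awk '
/-j ACCEPT/ && /--state NEW/ && !/-i / { print "NEW accepted without -i: " $0; bad = 1 }
/-j ACCEPT/ && /RELATED/ && !/-p /     { print "blanket RELATED accept: " $0; bad = 1 }
END { exit bad }'
}

# Load the ruleset and persist it where the CentOS init script reads it.
apply_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; return 1; }
    emit_ruleset | lint_rules || return 1
    emit_ruleset | iptables-restore || return 1
    emit_ruleset > /etc/sysconfig/iptables
}

case "$1" in
    apply) apply_ruleset ;;
    lint)  emit_ruleset | lint_rules ;;
    *)     emit_ruleset ;;
esac
```

OUTPUT is left at ACCEPT because this is a host and gateway firewall, not an egress policy; tighten it the same way if the box should not initiate arbitrary connections. The mDNS and CUPS lines are there only because Johnny's point above was that the box may need them, and they are restricted to the LAN interface; delete both if it does not. Note that the ICMP chain admits error messages only when conntrack marks them RELATED, which is the "further check" the blanket ESTABLISHED,RELATED rule skips.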