Hi all,
I want to set up a firewall on CentOS 4.4.
I want to know the difference between port filtering and packet filtering?
Can iptables do both?
Is there another pkg better than this? if so, pls let me know.
The purpose of this is to set up a firewall for production use.
Indunil Jayasooriya wrote:
> Hi all,
> I want to set up a firewall on CentOS 4.4.
> I want to know the difference between port filtering and packet filtering?
> Can iptables do both?
> Is there another pkg better than this? if so, pls let me know.
> The purpose of this is to set up a firewall for production use.
centos is a general purpose server-oriented distribution... while it has firewalling capabilities, properly configuring it as a good production firewall would require a thorough knowledge of internet security, network protocols, firewall rules in general, and iptables in specific. iptables can do almost anything imaginable if you can figure out how to specify the rules, but it doesn't do anything at all until you configure it.
you might be better off with a purpose built firewall distribution such as ipcop or pfsense or smoothwall
Indunil Jayasooriya wrote:
> Hi all,
> I want to set up a firewall on CentOS 4.4.
> I want to know the difference between port filtering and packet filtering?
useless terminology. only marketeers insist on this. most firewalls nowadays do all kind of filtering.
I guess the meaning would be:
- port filtering: block/open TCP/UDP ports
- packet filtering: block/open based on IP addresses, IP protocol, ports, ... etc.
> Can iptables do both?
yes.
> Is there another pkg better than this? if so, pls let me know.
> The purpose of this is to set up a firewall for production use.
depends on your situation. if you don't have performance issues and no special configuration needs, then a low end commercial firewall would be enough. otherwise, you need to take the time to learn iptables, or find someone to help you build your firewall.
there are guis available. google is your friend. one that comes to mind now is fwbuilder.
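
The distinction drawn in the reply above, shown as an added example that is not part of the original thread: a script that emits an `iptables-restore` ruleset with a default-drop policy, containing rules that match on a port alone and rules that match on other packet fields. The helper name `gen_ruleset`, the admin network `192.0.2.0/24` (a documentation range) and the ports 80 and 443 are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). gen_ruleset is a hypothetical helper;
# 192.0.2.0/24 is a documentation range standing in for an admin network.

# usage: gen_ruleset ADMIN_NET PORT...
gen_ruleset() {
    admin_net=$1
    shift
    # Validate every port before emitting anything, so a typo cannot
    # produce a half-written ruleset.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections this host opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packet filtering: match on IP protocol and ICMP type, no port involved
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Packet filtering: source address combined with a destination port
-A INPUT -p tcp -s $admin_net --dport 22 -m state --state NEW -j ACCEPT
EOF
    # Port filtering: destination TCP port is the only criterion
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo COMMIT
}

# Print a ruleset for a web server; as root, pipe it into iptables-restore.
gen_ruleset 192.0.2.0/24 80 443
```

Because the INPUT policy is DROP, anything not matched by one of these rules is discarded, which is the "doesn't do anything until you configure it" point turned around: the configuration decides what is allowed, not what is blocked.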
Could I know what version of Yumex will be provided in centos/5/extras?
The 'new generation' of yumex-1.9.2 (as present in Fedora 7 Test 1) looks unfinished (it *is* unfinished!) and I very much prefer the 'old' one, yumex-1.0.2.
I appreciate Tim Lauridsen's work, however I can't see any advantages of the "new Yumex" over the old one. (Someone, please highlight them for me.)
Will CentOS 5 stick to the same yumex used in CentOS 4 or will change the course?
Thx. Béranger
On Wed, 2007-02-07 at 18:45 -0500, Radu-Cristian FOTESCU wrote:
> Could I know what version of Yumex will be provided in centos/5/extras?
> The 'new generation' of yumex-1.9.2 (as present in Fedora 7 Test 1) looks unfinished (it *is* unfinished!) and I very much prefer the 'old' one, yumex-1.0.2.
> I appreciate Tim Lauridsen's work, however I can't see any advantages of the "new Yumex" over the old one. (Someone, please highlight them for me.)
> Will CentOS 5 stick to the same yumex used in CentOS 4 or will change the course?
> Thx. Béranger
I think the new one will probably be required for yum-3 ... though I am not positive.
I have not yet tested the new version with CentOS-5
(We should be able to test it soon though)
mouss wrote:
> depends on your situation. if you don't have performance issues and no special configuration needs, then a low end commercial firewall would be enough. otherwise, you need to take the time to learn iptables, or find someone to help you build your firewall.
> there are guis available. google is your friend. one that comes to mind now is fwbuilder.
Personally, if I was using the box as a firewall, lightweight network utility, VPN, router, NAT, or whatever else a typical gateway might handle, I'd run it on BSD and PF in a heartbeat over iptables. Linux's general adhesion to the ridiculously obtuse and difficult ipchains/iptables legacy is extremely unfortunate at best, and IMO, far less functional. Your entire PF configuration file (amazingly) named /etc/pf.conf can be easily less than 15 lines and cover quite a lot of ground.
Kinda reminiscent of the old IPFW, only evolved about 200 years, which would make it 10,200 years more evolved than ipchains/iptables.
:P
(*climbing back into Nomex in nuke bunker*)
Peter
Hi ,
On 2/9/07, Peter Serwe peter@infostreet.com wrote:
> mouss wrote:
> > depends on your situation. if you don't have performance issues and no special configuration needs, then a low end commercial firewall would be enough. otherwise, you need to take the time to learn iptables, or find someone to help you build your firewall.
> > there are guis available. google is your friend. one that comes to mind now is fwbuilder.
> Personally, if I was using the box as a firewall, lightweight network utility, VPN, router, NAT, or whatever else a typical gateway might handle, I'd run it on BSD and PF in a heartbeat over iptables.
When it comes to BSD, which BSD: FreeBSD or OpenBSD?
I have used FreeBSD 6. I think PF originally came with OpenBSD. But it has already been added to the FreeBSD port tree.
So, which should I use?
iptables with Linux or PF with OpenBSD or FreeBSD.
help needed.
> Linux's general adhesion to the ridiculously obtuse and difficult ipchains/iptables legacy is extremely unfortunate at best, and IMO, far less functional. Your entire PF configuration file (amazingly) named /etc/pf.conf can be easily less than 15 lines and cover quite a lot of ground.
> Kinda reminiscent of the old IPFW, only evolved about 200 years, which would make it 10,200 years more evolved than ipchains/iptables.
> :P
> (*climbing back into Nomex in nuke bunker*)
> Peter
> When it comes to BSD, which BSD: FreeBSD or OpenBSD?
> I have used FreeBSD 6. I think PF originally came with OpenBSD. But it has already been added to the FreeBSD port tree.
> So, which should I use?
> iptables with Linux or PF with OpenBSD or FreeBSD.
> help needed.
It's always the same: the best solution is the best solution for your particular case. So, you can build your fw in Linux (iptables) as much as BSD (pf, ie). Personally I think the pf (packet filter) syntax is more clear than iptables syntax, but only IMHO. Only you have the correct answer.