[CentOS] Default Firewall Entries

Wed Apr 13 13:05:24 UTC 2005
Kennedy Clark <hkclark at gmail.com>

I have been using APF (www.rfxnetworks.com/apf.php) for a while and
have found it to be a pretty flexible and well-organized way to manage
my iptables stuff.  Have others used this tool?  If so, are they happy
with it?  Any problems with this tool?  Anything folks think is
better?

Kennedy

PS -- I know this is one of those subjects where there is "no one right
answer", but I figure it would be interesting to get various
viewpoints.

On 4/11/05, Aleksandar Milivojevic <amilivojevic at pbl.ca> wrote:
> Johnny Hughes wrote:
> 
> > SO ... if the box needs to do either mDNS or CUPS printer browsing, you
> > need them enabled.  If not, you can remove them.
> 
> And system-config-securitylevel is going to add them again next time it
> is run.  IMO, the best is to remove system-config-securitylevel and do
> firewall configuration manually.  The stuff that
> system-config-securitylevel is writing into /etc/sysconfig/iptables
> isn't exactly tight anyhow.  It treats INPUT and FORWARD about the same,
> no per-interface control, no source address control (do you really
> want to enable ssh access from the Internet?), weak control of ICMP (why
> allow non-related ICMP messages?), no TCP flags checks, allows RELATED
> stuff without further checks...  just to name a few things that are a must
> in any half-decent Linux/Netfilter based firewall configuration...
> 
> --
> Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
> Systems Administrator                           1499 Buffalo Place
> Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
>
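
The weaknesses listed in the quoted message can be checked mechanically against a saved ruleset. The script below is an added example, not code from anyone in this thread: the sample ruleset, the chain name FW-INPUT and the finding strings are constructed for illustration, and the checks are heuristics over iptables-save style text, not a full parser.

```python
import shlex

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:FW-INPUT - [0:0]
-A INPUT -j FW-INPUT
-A FORWARD -j FW-INPUT
-A FW-INPUT -i lo -j ACCEPT
-A FW-INPUT -p icmp --icmp-type any -j ACCEPT
-A FW-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FW-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A FW-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rules(text):  # (chain, option tokens) for each '-A' line
    split = (shlex.split(line) for line in text.splitlines())
    return [(t[1], t[2:]) for t in split if len(t) >= 2 and t[0] == "-A"]

def opt(tokens, *names):  # value after the first matching option, or None
    for name, value in zip(tokens, tokens[1:]):
        if name in names:
            return value

def audit(text):  # heuristic checks for the points raised in the thread
    rules, found = parse_rules(text), set()
    targets = {c: {opt(t, "-j") for ch, t in rules if ch == c}
               for c in ("INPUT", "FORWARD")}
    shared = (targets["INPUT"] & targets["FORWARD"]) - {"ACCEPT", "DROP", "REJECT", None}
    if shared:
        found.add("INPUT and FORWARD both jump to " + ",".join(sorted(shared)))
    for _, t in rules:
        if opt(t, "-j") != "ACCEPT":
            continue
        state = opt(t, "--state", "--ctstate") or ""
        if opt(t, "--dport") == "22" and opt(t, "-s", "--source") is None:
            found.add("ssh accepted from any source address")
        if opt(t, "-p") == "icmp" and not state and opt(t, "--icmp-type") in (None, "any"):
            found.add("every ICMP type accepted, related or not")
        if "RELATED" in state and opt(t, "-p") is None:
            found.add("RELATED accepted for all protocols")
    if not any("--tcp-flags" in t or "--syn" in t for _, t in rules):
        found.add("no TCP flags checks")
    if not any(opt(t, "-i", "-o") not in (None, "lo") for _, t in rules):
        found.add("no per-interface rules")
    return sorted(found)
```

Calling `audit(SAMPLE)` returns six findings, one per point in the quoted list; a ruleset that binds ssh to an interface and source range, limits ICMP types, and drops NEW TCP packets without SYN returns an empty list.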