[KLUG Members] smoothwall questions

Joe Baker members@kalamazoolinux.org
05 Aug 2003 21:37:09 -0500


On Mon, 2003-08-04 at 20:35, Peter Buxton wrote:
> On Mon, Aug 04, 2003 at 01:14:06PM +0200, Bert was only escaped
>    alone to tell thee:
> 
> > I should do both. The most effective is to drop them in
> > /etc/hosts.deny, you need a tcpwrapper running, although I have read
> > an article lately that you should never run a wrapper on a firewall. I
> > always used tcp-wrappers on my firewall.
> 
> Hmm. I think they say you shouldn't run a wrapper on a firewall because
> your application shouldn't run on a firewall. If you need a proxy hole,
> perhaps, if resources aren't a problem, you should try redirecting the
> incoming connection to a second, internal proxy host.
> 
> Many of the tcpwrapper functions can and should be replaced by iptables
> or the *BSD equivalent. The only thing I don't think you could easily
> replace would be the PARANOID setting, where IP #'s and DNS names are
> compared and matched.

I've heard people say over and over again not to run applications on the
firewall and I think that's bunk.  I run IPTables scripts on the box 
which shield my applications from anything that comes in my Internet
Interfaces except related connections. It's amazing all the stuff I can
load up the box with to support the needs of the network.

-Joe Baker
 President, Digital Communications Research, Inc.
 Burlington, WI 
 http://www.dcresearch.com
 414-788-8284
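As an added illustration of the policy Joe describes (not code from the original post or from any of the participants), the POSIX sh script below builds an iptables ruleset where the Internet-facing interface admits only packets belonging to connections the firewall or the LAN already opened, so services running on the box itself never see unsolicited Internet traffic. The interface names `eth0`/`eth1` and the `DRY_RUN` and `wan_new_accepts` helpers are assumptions for the example; `DRY_RUN=1` (the default) prints the commands instead of running them, and `DRY_RUN=0` as root applies them. The `conntrack` match is used instead of the 2003-era `-m state`; both express the same ESTABLISHED,RELATED test.

```shell
#!/bin/sh
# Added example, not from the original post: a minimal stateful iptables
# policy for a host that runs services on the firewall itself.
# Interface names are assumptions; override with WAN_IF/LAN_IF.
# DRY_RUN=1 (default) prints commands; DRY_RUN=0 executes iptables (needs root).
WAN_IF="${WAN_IF:-eth0}"   # assumed Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"   # assumed internal interface
DRY_RUN="${DRY_RUN:-1}"

# Wrapper: print the rule in dry-run mode, otherwise call iptables.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

firewall_rules() {
    # Default-deny first so the flush never leaves an open window.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -F INPUT
    ipt -F FORWARD

    # Loopback traffic is always accepted.
    ipt -A INPUT -i lo -j ACCEPT

    # From the Internet: only packets that belong to, or are related to,
    # connections this box (or the LAN behind it) already opened.
    ipt -A INPUT -i "$WAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Anything else arriving on the Internet interface is dropped, so the
    # applications hosted on the firewall are shielded from new inbound flows.
    ipt -A INPUT -i "$WAN_IF" -j DROP

    # Internal hosts may reach the services hosted on the firewall.
    ipt -A INPUT -i "$LAN_IF" -j ACCEPT

    # Routed traffic: LAN out to the Internet, and only replies back in.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Self-check (assumed helper): count INPUT rules that ACCEPT traffic on the
# WAN interface without the ESTABLISHED,RELATED condition. A policy that
# really shields local services from unsolicited Internet traffic prints 0.
wan_new_accepts() {
    ( DRY_RUN=1; firewall_rules ) \
        | grep -- "-A INPUT -i $WAN_IF" \
        | grep -v -- 'ESTABLISHED,RELATED' \
        | grep -c -- '-j ACCEPT' || :
}

# Print (or, with DRY_RUN=0, apply) the ruleset.
firewall_rules
```

Run it once with the default dry run and read the printed commands before applying; `wan_new_accepts` is a cheap regression check to keep in a deploy script, since the usual way such a policy degrades is an ACCEPT rule on the WAN interface added "temporarily" for one service. tcpwrappers entries in `/etc/hosts.deny` still work for wrapped daemons as a second, independent layer, but the netfilter rules above stop unsolicited packets before any daemon is consulted.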