
Re: [cobalt-security] IPChains Tool



On Fri, 20 Jul 2001 11:43:56 -0700, Edward Cruz mumbled something 
like:
>>Some weeks ago someone on the list (Carrie?) mentioned a tool for
>>configuring IPChains.  I would love to hear some more about using
>>this tool,
>>in particular with PortSentry...

It's called PMFirewall and it's at:
http://www.pointman.org/PMFirewall/

Very easy to install; you ask it some questions and it writes a 
ruleset for you. You have to have the IPChains scripts already 
installed on your machine (don't have to have them configured, 
though). Make sure you read everything that it spouts out at you, and 
pay attention when answering the questions.

As for using it with PortSentry - that's really a moot point. If 
you've got IPChains running, then PortSentry is just a backup alarm 
and reaction system. Someone will have to get through the IPChains 
first in order to set off PortSentry. PortSentry can then do a number 
of things, like tossing the offender's IP into the routing table, 
handing it over to IPChains to block, or running an external command 
(Zeffie showed me a wonderful idea to have the external command run a 
whois on the offending IP and mail it to me).

They seem to me to be a good system to run together. IPChains up 
front and PortSentry as a backup measure, with LogCheck to show you 
everything that's happening.

My next project is Snort... *grin*

--
CarrieB
Space for rent! I need spiffy quotes for my sig line!
Help! Email me your suggestions today!
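
The whois-and-mail reaction described in the message, written out as an added example (not code from the original post or from the PortSentry distribution). It assumes PortSentry's KILL_RUN_CMD option with its $TARGET$ and $PORT$ tokens, a hypothetical script path, and that the whois and mail commands are installed; both arguments are validated before they reach a command line or a mail subject.

```shell
#!/bin/sh
# Added example: handler for PortSentry's KILL_RUN_CMD, e.g. in portsentry.conf:
#   KILL_RUN_CMD="/usr/local/sbin/ps-whois.sh $TARGET$ $PORT$"   (hypothetical path)
ADMIN="${ADMIN:-root}"            # report recipient (assumption)
WHOIS_CMD="${WHOIS_CMD:-whois}"   # overridable so the logic can be exercised offline
MAIL_CMD="${MAIL_CMD:-mail}"

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Accept only a decimal port number in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the report body; refuse anything that is not a plain IP and port.
build_report() {
    is_ipv4 "$1" || { echo "rejected target: not an IPv4 address" >&2; return 2; }
    is_port "$2" || { echo "rejected port: not in 1..65535" >&2; return 2; }
    echo "PortSentry blocked $1 after a connection to port $2"
    echo "Time: $(date -u '+%Y-%m-%d %H:%M:%S UTC')"
    echo "--- whois $1 ---"
    "$WHOIS_CMD" "$1" 2>&1 || echo "(whois lookup failed)"
}

main() {
    report=$(build_report "$1" "${2:-}") || return 2
    # The subject line is built only from the validated values.
    printf '%s\n' "$report" | "$MAIL_CMD" -s "PortSentry: $1 port $2" "$ADMIN"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```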