Re: [Setup-tool-hackers] I thought I would check and see first...



You may want to take a look at Alan Cox's firewall tool. The name
completely escapes me, but it would probably be a good starting point.
Luis

On 24 Jul 2001 14:32:48 -0600, Burra wrote:
> 
> Yes, I guess a firewall configurator makes more sense if xst is just for
> system configuration files. I could do this very easily... I can do rules
> to open up/block specific ports, allow trusted hosts, disallow untrusted
> hosts, block typicaly dos attacks and block port scans for iptables,
> ipchains, and ipf.
> 
> We might put this under "Security" and tie in host.allow/hosts.deny
> configuration, PAM configuration, and other /etc based security config
> files.
> 
> Thoughts?
> 
> --------------------[-- burra@colorado.edu --]--------------------------
> 
> On Tue, 24 Jul 2001, Mitch Allmond wrote:
> 
> > what about a firewall configurator? Is this in the works? It would be great to
> > have a tool in xst that can configure iptable firewalls, and give the option
> > for it to be activated on boot or not.  I'll do a little text example
> > below. The idea is to show each ethernet device, supply check boxes to block
> > or open that service/port to that device, to allow user input for specific
> > ports, and to allow masquerading.
> >
> >     Eth0                                Eth1
> >         _                ssh                _
> >
> >         _                smtp             _
> >
> >         _                http               _
> >
> >         _                etc...              _
> >
> >         _                X11               _
> >
> >         _            | insert port |    _
> >
> >         _            | insert port |    _
> >
> > ---------------------------------------
> > _    masquerade virtual ips (default 192.168.0.0) manual _____________
> > _    close all ports/services not handled above
> >
> >
> > etc......... you get the point
> >
> > if there was
> >
> > Chema Celorio wrote:
> >
> > > On 23 Jul 2001 21:15:27 -0600, Burra wrote:
> > > >
> > > > Hi setup-tool hackers,
> > > > After successfully creating the basic componets of a setup tool, I am
> > > > about to (currently actually) impliment a "security-setup-tool". This
> > > > tool will check your file system, services, network, the list goes on...,
> > > > and offer fixes once it has encountered a security problem.
> > > >
> > > > I thought I would check and see first if someone is already impliemnting
> > > > this... Anyone? I guess I am looking for a blessing from everyone to go
> > > > ahead :)
> > >
> > > The idea sounds great, but i am not sure it belong inside XST. XST read
> > > system configuration and write system configuration. This security
> > > program sounds good but does not quite fit in the architecture.
> > >
> > > >
> > > > If no one is already doing this, I will post my code, once I get all
> > > > basic functions in place, for approval to add it to cvs, hopefully :)
> > > >
> > > > --------------------[-- burra@colorado.edu --]--------------------------
> > > >
> > > >
> > > > _______________________________________________
> > > > setup-tool-hackers maillist  -  setup-tool-hackers@ximian.com
> > > > http://lists.ximian.com/mailman/listinfo/setup-tool-hackers
> > > >
> > >
> > > _______________________________________________
> > > setup-tool-hackers maillist  -  setup-tool-hackers@ximian.com
> > > http://lists.ximian.com/mailman/listinfo/setup-tool-hackers
> >
> 
> 
> _______________________________________________
> setup-tool-hackers maillist  -  setup-tool-hackers@ximian.com
> http://lists.ximian.com/mailman/listinfo/setup-tool-hackers
--
Luis Villa
Ximian Bugmaster
"Quality is an amazing bridge because it is universal in its language."
Thomas Corcoran


_______________________________________________
setup-tool-hackers maillist  -  setup-tool-hackers@ximian.com
http://lists.ximian.com/mailman/listinfo/setup-tool-hackers



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]