First page Back Continue Last page Summary Graphics
Application Links (cont.)
Perimeter Defense (cont.)
- Firewalling (cont.)
- Linux supports packet filtering out of the box, and can be easily configured to use Network Address Translation (a.k.a. IP Masquerading).
- You should always have filtering up on all untrusted interfaces.
- To date, the best filtering script was written by Peter Watkins, and is available at http://www.tux.org/~peterw. These scripts are taken from the Bastille Linux scripts, and have several features, including the ability to set up a DMZ. The scripts currently support both ipchains and netfilter/iptables.
Notes: