RFC: firewall-hint_v1.3

Greg Turpin gregturp at home.com
Sun Aug 12 20:53:44 PDT 2001

On Sunday 12 August 2001  7:44 pm, you wrote:
> On Mon, Aug 13, 2001 at 12:53:54AM +0100, Paul Campbell wrote:
> > I in the end, after lastly attempting the LFS-firwall hint, on my
> > mandrake server gave up and installed bastille.  I feel that a "Last -
> > Resort - Idiots - Firewall" should at least reference this utility.  As
> > far as understand it, Bastille is simply a series of very well written
> > perl scripts, but Bastille Interactive goes much further than just
> > firewall and would make a good small addition to the book.
> >
> > I haven't attempted it yet, but I could spare some time on documenting
> > it's installation for the book or even just the hints.
> Paul, I would agree with you that this would make a nice addition, but the
> last I read about Bastille, they were specifically targeting RedHat 6.x,
> and ignoring the rest of the world. Things may have changed, I don't recall
> how long ago that was, but you might want to research what platforms
> Bastille supports first.

>From what I read, yes, they are targeting Redhat.  However, it's not
too difficult to tune things for another installation.  "Not too difficult"
meaning - if you know your distro well enough.
I think it was a Linux Journal article (or another Linux magazine)
that had an article about it.  They tried it on SuSE 6.4, and, with
a little tweaking, got it to work.

But, I still don't think Bastille will be easy enough to work with for

Tell us how to install the tools, any init scripts we may need,
and a sample configuration file that is pretty restrictive.  Then,
point us off to some links that discuss Firewall rules and
security.  That's the best solution.
Definitely include a disclaimer that says something like:
"This configuration is not complete.
It is only a reference.  Firewall security is a complex issue that
requires good configuration rules.  You can find some great information
about firewalls at http://......"

My 2 shillings(sp?),


More information about the blfs-book mailing list