gregturp at home.com
Sun Aug 12 20:53:44 PDT 2001
On Sunday 12 August 2001 7:44 pm, you wrote:
> On Mon, Aug 13, 2001 at 12:53:54AM +0100, Paul Campbell wrote:
> > I in the end, after lastly attempting the LFS-firwall hint, on my
> > mandrake server gave up and installed bastille. I feel that a "Last -
> > Resort - Idiots - Firewall" should at least reference this utility. As
> > far as understand it, Bastille is simply a series of very well written
> > perl scripts, but Bastille Interactive goes much further than just
> > firewall and would make a good small addition to the book.
> > I haven't attempted it yet, but I could spare some time on documenting
> > it's installation for the book or even just the hints.
> Paul, I would agree with you that this would make a nice addition, but the
> last I read about Bastille, they were specifically targeting RedHat 6.x,
> and ignoring the rest of the world. Things may have changed, I don't recall
> how long ago that was, but you might want to research what platforms
> Bastille supports first.
>From what I read, yes, they are targeting Redhat. However, it's not
too difficult to tune things for another installation. "Not too difficult"
meaning - if you know your distro well enough.
I think it was a Linux Journal article (or another Linux magazine)
that had an article about it. They tried it on SuSE 6.4, and, with
a little tweaking, got it to work.
But, I still don't think Bastille will be easy enough to work with for
Tell us how to install the tools, any init scripts we may need,
and a sample configuration file that is pretty restrictive. Then,
point us off to some links that discuss Firewall rules and
security. That's the best solution.
Definitely include a disclaimer that says something like:
"This configuration is not complete.
It is only a reference. Firewall security is a complex issue that
requires good configuration rules. You can find some great information
about firewalls at http://......"
My 2 shillings(sp?),
More information about the blfs-book