Benito A. Venegas
2003-Mar-01 17:57 UTC
[Shorewall-users] shorewall and IDS in the same box
Hi boys & girls:

Probably my Subject is crazy, but since I haven't tried this, I prefer to ask. Is it possible to run snort in a fw box (using shorewall, of course)?

Your feedback will be very well appreciated.

Thanks
Benito.-
Jean-Pierre Denis
2003-Mar-01 18:01 UTC
[Shorewall-users] shorewall and IDS in the same box
Benito A. Venegas wrote:
> Is it possible to run snort in a fw box (using shorewall, of course).

Hi,

of course you can! This is linux after all :)

Mandrake MNF is using shorewall, snort and prelude on the same box and the performance is pretty good.

Thanks,

Jean-Pierre Denis
jp at msfree dot ca
On Sat, 1 Mar 2003, Jean-Pierre Denis wrote:
> Mandrake MNF is using shorewall, snort and prelude on the same box and the
> performance is pretty good.

That's interesting. So what's the point of using Mandrake MNF when you can just install Shorewall, Snort, and Prelude yourself? Is the GUI interface the only thing Mandrake MNF has to offer? From what I've read, it isn't even that good (Consider this Open Magazine review: "The Mandrakesoft GUI interface to Shorewall, however, appears to be set to a hard limit of 4 devices and will not configure multiple virtual Ethernet addresses on a single device.") Besides, doesn't Webmin have a GUI module for configuring Shorewall?

-- Dan
________________________________________________________________________
Dionysos@Dionysia.org                                  Daniel G. Delaney
www.Dionysia.org/~dionysos/
------------------------------------------------------------------------
"God is as real as I am," the old man said. And my faith was restored, for I knew that Santa would never lie.
Benito A. Venegas
2003-Mar-01 18:33 UTC
[Shorewall-users] shorewall and IDS in the same box
Hi:

Thanks Jean and Dan for your early response. Any guideline, or step I need to take care of, to put shorewall+snort+(prelude or acid or whatever?) to work?

Thanks again
Benito.-

On Sat, 1 Mar 2003, Jean-Pierre Denis wrote:
> Benito A. Venegas wrote:
> > Is it possible to run snort in a fw box (using shorewall, of course).
> Hi,
>
> of course you can! This is linux after all :)
>
> Mandrake MNF is using shorewall, snort and prelude on the same box and the
> performance is pretty good.
>
> Thanks,
>
> Jean-Pierre Denis
> jp at msfree dot ca
Jean-Pierre Denis
2003-Mar-01 19:40 UTC
[Shorewall-users] shorewall and IDS in the same box
Hi,

Dan Delaney wrote:
> On Sat, 1 Mar 2003, Jean-Pierre Denis wrote:
>> Mandrake MNF is using shorewall, snort and prelude on the same box
>> and the performance is pretty good.
>
> That's interesting. So what's the point of using Mandrake MNF when you
> can just install Shorewall, Snort, and Prelude yourself?

So what's the point of using Shorewall when you can create your own set of iptables rules yourself? I guess a good answer for both of the above questions is _simplicity_. I just referred to MNF as an example of a distro that uses shorewall and an IDS on the same box.

> Is the GUI interface the only thing Mandrake MNF has to offer?

well, this is becoming a little bit off-topic... No, the GUI is not the only thing they have to offer. I personally think that MNF is a great product. But it has its pros & cons.

> From what
> I've read, it isn't even that good (Consider this Open Magazine
> review: "The Mandrakesoft GUI interface to Shorewall, however,
> appears to be set to a hard limit of 4 devices and will not
> configure multiple virtual Ethernet addresses on a single device.")

Maybe you could download the 250 meg iso and give it a try :-)

> Besides, doesn't Webmin have a GUI module for configuring Shorewall?

Thanks,

Jean-Pierre Denis
jp at msfree dot ca
On Sat, 1 Mar 2003, Jean-Pierre Denis wrote:
> So what's the point of using Shorewall when you can create your own set
> of iptables rules yourself?

Actually, that's a good question, and one I was thinking about asking everyone's opinions on, mainly because I'm not clear on the issue myself. I was getting ready to set up an iptables-based firewall and use some front-end to it like IPmenu or Firewall Builder when I discovered Shorewall. It looks really nice, but I'm just wondering what advantage Shorewall has over just learning to use iptables manually. I guess the fundamental question is: "What is the reason that Shorewall was created?" Was it just to make things easier, or is there some larger advantage to using Shorewall?

-- Dan
________________________________________________________________________
Dionysos@Dionysia.org                                  Daniel G. Delaney
www.Dionysia.org/~dionysos/
------------------------------------------------------------------------
We have reason to believe that man first walked upright to free his hands for masturbation. -- Lily Tomlin
On Sunday 02 March 2003 6:53 pm, Dan Delaney wrote:
> > So what's the point of using Shorewall when you can create your own set
> > of iptables rules yourself?

For me it is kinda like asking why buy a car when you can build it yourself. Or, why use Java when you can program in assembly? Tom's Shorewall makes firewalling a relatively simple process and you don't have to learn some wacky syntax; Tom did that for us.

It's pretty much the same reason people use GUIs, to make life simpler. Besides, some of us are dummies or old, or both, and we need all the help we can get.

That's my nickel's worth.

Richard
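To make Richard's point concrete: what Shorewall hides is the translation from a few readable tables into the iptables commands you would otherwise type by hand. The script below is an added example, not Shorewall's own code and not a faithful copy of its compiler; it is a toy translator that reads a constructed Shorewall-style policy table and rules table (the zones, the zone-to-interface mapping and every row are made up for illustration) and emits the equivalent iptables commands. The per-pair chain names (net2fw and so on), the LOG prefix and the default-deny and stateful boilerplate are assumptions modelled on Shorewall's conventions, not taken from it.

```python
# Toy translator: Shorewall-style policy/rules tables -> iptables commands.
# Added example; not Shorewall's compiler. All tables below are constructed.

# Constructed zone -> interface mapping (the role of /etc/shorewall/interfaces);
# "fw" is the firewall itself and has no interface of its own.
INTERFACES = {"net": "eth0", "loc": "eth1"}

# Constructed policy table: SOURCE DEST POLICY [LOG LEVEL].  First match wins.
POLICY = """\
# SOURCE   DEST   POLICY   LOG LEVEL
loc        net    ACCEPT
loc        fw     ACCEPT
fw         all    ACCEPT
net        all    DROP     info
all        all    REJECT   info
"""

# Constructed rules table: ACTION SOURCE DEST PROTO DEST-PORT (exceptions to policy).
RULES = """\
# ACTION   SOURCE  DEST   PROTO  DEST PORT(S)
ACCEPT     net     fw     tcp    22
ACCEPT     loc     fw     udp    53
DROP       loc     net    tcp    25
"""

SUPPORTED_ACTIONS = {"ACCEPT", "DROP", "REJECT"}


def parse_table(text):
    """Split a whitespace-separated table into rows, dropping comments and blanks."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows


def zone_pairs(interfaces):
    """Every ordered (source, dest) zone pair; each gets its own chain."""
    zones = ["fw"] + list(interfaces)
    return [(s, d) for s in zones for d in zones if s != d]


def hook_cmd(src, dst, interfaces):
    """Jump from the built-in chain into the per-pair chain, keyed on interfaces."""
    chain = f"{src}2{dst}"
    if src == "fw":
        return f"iptables -A OUTPUT -o {interfaces[dst]} -j {chain}"
    if dst == "fw":
        return f"iptables -A INPUT -i {interfaces[src]} -j {chain}"
    return f"iptables -A FORWARD -i {interfaces[src]} -o {interfaces[dst]} -j {chain}"


def policy_for(src, dst, policy_rows):
    """First matching policy row wins; 'all' is a wildcard on either side."""
    for row in policy_rows:
        psrc, pdst, action = row[:3]
        level = row[3] if len(row) > 3 else None
        if psrc in (src, "all") and pdst in (dst, "all"):
            return action, level
    raise ValueError(f"no policy covers {src}->{dst}")


def translate(policy_text, rules_text, interfaces=INTERFACES):
    """Return the list of iptables commands equivalent to the two tables."""
    policy_rows = parse_table(policy_text)
    pairs = zone_pairs(interfaces)
    per_chain = {f"{s}2{d}": [] for s, d in pairs}

    # Each rule becomes one match line in its src2dst chain, in file order.
    for row in parse_table(rules_text):
        action, src, dst = row[:3]
        proto = row[3] if len(row) > 3 and row[3] != "-" else None
        port = row[4] if len(row) > 4 and row[4] != "-" else None
        chain = f"{src}2{dst}"
        if action not in SUPPORTED_ACTIONS or chain not in per_chain:
            raise ValueError(f"unsupported rule: {' '.join(row)}")
        match = f" -p {proto}" if proto else ""
        if proto and port:  # --dport is only valid together with -p
            match += f" --dport {port}"
        per_chain[chain].append(f"iptables -A {chain}{match} -j {action}")

    # Default-deny plus the loopback and connection-tracking boilerplate.
    cmds = [
        "iptables -P INPUT DROP",
        "iptables -P FORWARD DROP",
        "iptables -P OUTPUT DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A OUTPUT -o lo -j ACCEPT",
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
        "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",
        "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    # One chain per zone pair: create it, hook it, add explicit rules, end with policy.
    for src, dst in pairs:
        chain = f"{src}2{dst}"
        action, level = policy_for(src, dst, policy_rows)
        cmds.append(f"iptables -N {chain}")
        cmds.append(hook_cmd(src, dst, interfaces))
        cmds.extend(per_chain[chain])
        if level:
            cmds.append(f'iptables -A {chain} -j LOG --log-level {level} '
                        f'--log-prefix "Shorewall:{chain}:{action}:"')
        cmds.append(f"iptables -A {chain} -j {action}")
    return cmds


if __name__ == "__main__":
    print("\n".join(translate(POLICY, RULES)))
```

Run it and the three short tables expand to about thirty iptables invocations, with the ordering that matters for correctness (chain created before it is jumped to, explicit ACCEPT/DROP rules before the chain's catch-all policy) handled for you; the real Shorewall does far more (NAT, masquerading, a reject chain that answers with the right ICMP errors, rule checking), which is the "wacky syntax" Tom took care of.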
On Sun, 2 Mar 2003, Richard wrote:
> On Sunday 02 March 2003 6:53 pm, Dan Delaney wrote:
> > > So what's the point of using Shorewall when you can create your own set
> > > of iptables rules yourself?
>
> For me it is kinda like asking why buy a car when you can build it yourself.
> Or, why use Java when you can program in assembly? Tom's Shorewall makes
> firewalling a relatively simple process and you don't have to learn some
> wacky syntax, Tom did that for us.
>
> It's pretty much the same reason people use GUIs, to make life simpler.
> Besides, some of us are dummies or old, or both and we need all the help we
> can get.
>
> That's my nickel's worth.

And a darn good nickel that is, Richard. But, you left out the 3rd reason, lazy. Some of us are old, dumb, and lazy. :-)

-- 
http://www.shorewall.net/ for all your firewall needs
http://www.greshko.com
--On Saturday, March 01, 2003 08:57:03 PM -0500 "Benito A. Venegas" <bvenegas@securities.com> wrote:
>
> Is it possible to run snort in a fw box (using shorewall, of course).
>
> Your feedback will be very well appreciate.
>

My feeling here is that if you don't run any Internet-accessible services on your firewall, then running Snort there is a waste of time. I would rather advise you to run an IDS on your servers since they are the systems that are vulnerable.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
On Tue, 2003-03-04 at 09:28, Tom Eastep wrote:
> --On Saturday, March 01, 2003 08:57:03 PM -0500 "Benito A. Venegas"
> <bvenegas@securities.com> wrote:
> > Is it possible to run snort in a fw box (using shorewall, of course).
>
> My feeling here is that if you don't run any Internet-accessible services
> on your firewall, then running Snort there is a waste of time. I would
> rather advise you to run an IDS on your servers since they are the systems
> that are vulnerable.

Benito,

You may want to run a Nessus audit on all of your internal zones too.

Nessus
http://nessus.org/

This site will perform an external Nessus audit of your access point.

Vulnerabilities.org
http://vulnerabilities.org/

-- 
Mike Noyes <mhnoyes @ users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/