thr3ads.net - Shorewall users - [Shorewall-users] some "feature questions" [Apr 2002]

If this information is useful, please help other people find it:
Share via:

Goetz Reinicke

2002-Apr-27 17:45 UTC

[Shorewall-users] some "feature questions"

Hi,

I recently got a book about linux firewalls (for ipchains), and in the 
examples they activate/dissable some funktions in /proc/sys/net/ipv4.

E.g. reject ICMP-Redirects, protection against bogus IPs, activate 
TCP-SYN-Cookies, reject source routed packets. Furthermore they reject 
fragmented packets.

Are there any comparable mechanisms in shorewall? Or do I have to 
activate those protections by hand / systemstart?

Thanks.

cu...
...Götz Reinicke

- Götz Reinicke -------------------- mailto: greinick@filmakademie.de -
   IT Koordinator                                   Tel: 07141/969-420
   IT-OfficeNet Filmakademie Baden-Württemberg    Fax: 07141/969-55420
- Mathildenstr. 20, 71638 Ludwigsburg ----------- www.filmakademie.de -

Tom Eastep

2002-Apr-30 14:09 UTC

head link

[Shorewall-users] some "feature questions"

On Sat, 27 Apr 2002, Goetz Reinicke wrote:
> Hi,
>
> I recently got a book about linux firewalls (for ipchains), and in the
> examples they activate/dissable some funktions in /proc/sys/net/ipv4.
>
> E.g. reject ICMP-Redirects,
Shorewall doesn''t do that.

protection against bogus IPs,

That''s what ''routefilter'' does (interfaces file).
> activate
> TCP-SYN-Cookies, reject source routed packets. Furthermore they reject
> fragmented packets.
>
Shorewall doesn''t do any of those.
> Are there any comparable mechanisms in shorewall? Or do I have to
> activate those protections by hand / systemstart?
>
You get to do these -- In RedHat, you can use /etc/sysctl.conf; don''t
know
about other distros. You can always add ''echo'' commands to
/etc/shorewall/start.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Goetz Reinicke

2002-Apr-30 14:40 UTC

head link

[Shorewall-users] some "feature questions"

Tom Eastep wrote:> On Sat, 27 Apr 2002, Goetz Reinicke wrote:
<...>> You get to do these -- In RedHat, you can use /etc/sysctl.conf;
don''t know
> about other distros. You can always add ''echo'' commands
to
> /etc/shorewall/start.

I see! thanks....


cu...
...Götz


- Götz Reinicke -------------------- mailto: greinick@filmakademie.de -
   IT Koordinator                                   Tel: 07141/969-420
   IT-OfficeNet Filmakademie Baden-Württemberg    Fax: 07141/969-55420
- Mathildenstr. 20, 71638 Ludwigsburg ----------- www.filmakademie.de -

Shorewall users - Apr 2002 - some "feature questions"

[Shorewall-users] some "feature questions"

[Shorewall-users] some "feature questions"

[Shorewall-users] some "feature questions"