[ale] best FIREWALL product for a home LAN ?
- Subject: [ale] best FIREWALL product for a home LAN ?
- From: niceguyj at comcast.net (Jim Sculley)
- Date: Thu Jan 31 17:32:44 2008
- In-reply-to: <1201569593.25847.45.camel@sage>
- References: <034f01c8620e$8de52cd0$6101a8c0@SAMBA> <1201569593.25847.45.camel@sage>
Michael B. Trausch wrote:
> On Mon, 2008-01-28 at 19:33 -0500, Courtney Thomas wrote:
>
>> Just finished Bruce Schneier's book Secrets and Lies which inspired me
>> to try to implement a suitable firewall for my home LAN which has a
>> variety of machines, MS, FreeBSD, Linux, Apple, etc.
>>
>
> For a home network, the best option is a NAT with nothing port-forwarded
> or DMZ'd. Unless you need something special, that's the best way to go.
> Also just make sure that the external (from the WAN side) management
> interface is disabled.
>
> That can be accomplished through any commodity routing device.
>
> I use iptables on my network, with my network server holding a few
> Internet-exposed ports and everything else dropped.

Ditto here. I used this link to understand how iptables works:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html

> Also currently
> dropping packets from several places abroad (got sick of the SSH
> attacks).
>

For that, I use denyhosts:
http://denyhosts.sourceforge.net/
To date there are 24,761 IP addresses in my /etc/hosts.deny file.

You can also use Steve Gibson's hokey 'Shields Up' utility to see what
ports the outside world can access.
http://www.grc.com
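
Added example (not part of the original message, and not DenyHosts' own code): the approach mentioned above, counting failed SSH password attempts per source address in the sshd log and emitting /etc/hosts.deny entries. The log lines, the threshold of 3 and the 192.168.1.0/24 allow-list are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the usual OpenSSH syslog format (documentation addresses).
SAMPLE_LOG = """\
Jan 31 17:01:02 gw sshd[4121]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 31 17:01:05 gw sshd[4121]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 31 17:01:09 gw sshd[4125]: Failed password for invalid user a from 198.51.100.23 port 22 ssh2 from 203.0.113.7 port 40120 ssh2
Jan 31 17:02:13 gw sshd[4130]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Jan 31 17:03:40 gw sshd[4140]: Failed password for jim from 192.168.1.20 port 50022 ssh2
Jan 31 17:03:42 gw sshd[4140]: Failed password for jim from 192.168.1.20 port 50022 ssh2
Jan 31 17:03:44 gw sshd[4140]: Failed password for jim from 192.168.1.20 port 50022 ssh2
Jan 31 17:03:49 gw sshd[4140]: Accepted password for jim from 192.168.1.20 port 50022 ssh2
"""

# The user name is chosen by the remote client, so read the address from the
# fixed tail of the line, not from the first " from " that appears in it.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")
THRESHOLD = 3                                     # assumed: failures before denying
ALLOW = [ipaddress.ip_network("192.168.1.0/24")]  # assumed: LAN that is never denied


def failed_counts(log_text):
    """Count failed SSH password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line.rstrip())
        if match:
            try:
                counts[ipaddress.ip_address(match.group(1))] += 1
            except ValueError:
                pass  # not a literal address; skip it
    return counts


def hosts_deny_lines(log_text, threshold=THRESHOLD, allow=ALLOW):
    """Return TCP-wrappers entries for sources at or above the threshold."""
    return sorted(
        f"sshd: {addr}"
        for addr, n in failed_counts(log_text).items()
        if n >= threshold and not any(addr in net for net in allow)
    )


if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(SAMPLE_LOG)))
```

The allow-list keeps a mistyped password on the LAN from locking out your own machines.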