Linux Netfilter discussions
* Distro Choice for iptables as Enterprise Firewall
@ 2006-12-31 16:31 Rackage | Randles
  2006-12-31 16:51 ` Maximilian Wilhelm
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Rackage | Randles @ 2006-12-31 16:31 UTC (permalink / raw)
  To: netfilter

Hi,

I'm new to iptables and this list so forgive me if this subject has been 
covered previously.

I'm sure this topic is a cause for much debate with no definitive answer;
however, I would be glad to hear suggestions nevertheless.

What distros are recommended for deploying iptables as a dedicated
firewall?

What server hardening steps would you recommend? (/Bastille?)

Thx in advance.

Regards

Ben

* Re: Distro Choice for iptables as Enterprise Firewall
From: Maximilian Wilhelm @ 2006-12-31 16:51 UTC (permalink / raw)
  To: netfilter

On Sunday, 31 December, Rackage | Randles typed the following:

Hi!

> I'm new to iptables and this list so forgive me if this subject has been 
> covered previously.

> I'm sure this topic is a cause for much debate with no definitive answer;
> however, I would be glad to hear suggestions nevertheless.

> What distros are recommended for deploying iptables as a dedicated
> firewall?

I like a small Debian installation best for this purpose.
The Debian base install is very small and you can easily remove unused
parts of it and add only the things you need (iptables, vlan, iproute,
you name it).
So you have full control over what is installed on your firewall and don't
have to worry about unused daemons and stuff.
(I had some slightly bad experiences with a RedHat EL3 server where I
 had trouble removing unused daemons...)

> What server hardening steps would you recommend? (/Bastille?)

Build your own kernel (currently you may want to wait to get some file
system corruption problems fixed before doing so :)) and activate
SELinux or patch your kernel with grsecurity[42].

Use iptables to restrict access to all needed services (ssh e.g.) and
configure your service as strictly as possible, e.g. allowing only users
with ssh-keys to access your box.

[42] http://www.grsecurity.net/

Ciao
Max
-- 
	Follow the white penguin.
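
The two hardening steps suggested in the message above (restrict SSH with iptables, allow key-based logins only), as an added example that is not part of the original post. The management subnet, the SSH port and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; the subnet, port and function names are assumptions.

# Emit an iptables-restore ruleset for the firewall's own INPUT chain:
# default-drop, loopback and return traffic allowed, new SSH only from
# the management subnet given as $1.
gen_input_rules() {
    mgmt_net="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s ${mgmt_net} --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Return 0 only if the given sshd_config turns password logins off and
# leaves public-key logins on. sshd uses the first value it reads for a
# keyword, and password logins are on by default, so a missing
# PasswordAuthentication line fails the check. Match blocks, the
# "Keyword=value" spelling and keyboard-interactive logins are not
# examined; on a live host "sshd -T" prints the effective values.
sshd_key_only() {
    awk '
        /^[ \t]*#/ { next }
        { k = tolower($1); v = tolower($2) }
        k == "passwordauthentication" && !pw_seen { pw_seen = 1; pw = v }
        k == "pubkeyauthentication"   && !pk_seen { pk_seen = 1; pk = v }
        END { exit !(pw == "no" && pk != "no") }
    ' "$1"
}

# Print the ruleset for a constructed management subnet (RFC 5737 range).
# Forwarding rules are site-specific and go before COMMIT.
gen_input_rules 192.0.2.0/24
```

Review the printed ruleset before piping it to iptables-restore from a console session, since the default-drop policy cuts off any SSH client outside the chosen subnet.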



* Re: Distro Choice for iptables as Enterprise Firewall
From: Jan Engelhardt @ 2006-12-31 16:58 UTC (permalink / raw)
  To: Rackage | Randles; +Cc: netfilter


On Dec 31 2006 16:31, Rackage | Randles wrote:
>
> I'm new to iptables and this list so forgive me if this subject has been
> covered previously.

(Hint: Search the archives)

> I'm sure this topic is a cause for much debate with no definitive answer;
> however, I would be glad to hear suggestions nevertheless.

(See above)

> What distros are recommended for deploying iptables as a dedicated firewall?

It does not matter; netfilter is a kernel component, hence works with
anything, even self-rolled init-only scripts (like WRT54G with Linux
use).

	-`J'

* Re: Distro Choice for iptables as Enterprise Firewall
From: Shannon Roddy @ 2007-01-01  4:09 UTC (permalink / raw)
  To: netfilter

On 12/31/06, Rackage | Randles <randles@rackage.com> wrote:

> What distros are recommended for deploying iptables as a dedicated
> firewall?
>

FWIW, I often use gentoo.



* RE: Distro Choice for iptables as Enterprise Firewall
From: Gary W. Smith @ 2007-01-02 20:51 UTC (permalink / raw)
  To: randles, netfilter

I've played around with using rPath.  It allows for distros of 200 MB
and runs with 64 MB RAM.  Bare install is just that, almost nothing but
basic kernel components and a few essentials.

Now at the enterprise level you can also include the optional components
that you might want.

Seems to work well for me.

We also use RHEL4 for some of our bigger environments but the min
install there includes the kitchen sink.
