El lun, 18 de 10 de 2004 a las 13:45, NabilM@kuveytturk.com.tr escribiÃ:
Fwbuilder has a very nice object based approach like Checkpoint. You can
make objects and place them in domains and assign/remove rule sets. Only
concern is the compilation of objects and rule sets into iptables rule
sets is secure enough to be used in an enterprise. Iptables all alone is
sure NOT and enterprise product mainly because it is not user friendly
(though there are other deficiencies like having statefull filtering and
not statefull inspection). In other words, for and enterprise, can we
have a hardened Linux box as a firewall that uses iptables by creating
the iptables rules using fwbuilder? How secure or insecure is it?
-Nabil.
I think a script generated by fwbuilder it's not secure enough
by itself to be installed in a production site. The problem I
find it's it doesn't manage well the spoofing situations, it
does not let you configure the ICMP traffic in a proper way
and easily and it doesn't manage all the iptables posibilities.
Anyway I think a fwbuilder script it's a very good option to
start to write a script, you generate the script with fwbuilder
and then you edit it to suit your needs, but I don't think
fwbuilder alone can generate script for productions systems
right now.
--
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÃA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
