Keith Roberts wrote:
> On Sat, 16 Jul 2011, Ljubomir Ljubojevic wrote:
>
> *snip*
>
>> I wrote about "physical presence *outside* of your network", like if you
>> are on a large WISP that uses bridged network (bad design) and your
>> Wireless client is bridged, and you have single NIC firewall in place,
>> entire WISP's network will be able to sniff your traffic and hack into
>> unprotected workstations/desktops. And there are those scenarios, much
>> more then you can think.
>
> Which is why one poster mentioned that you need to be
> familiar with IPtables and Networking before trying to make
> your machine(s) network(s) secure?
>
> I read some time ago something about tunneling different
> protocols through firewalls? which sounded quite scary.
>
All firewalls (on Linux at least) are by default closed, and you need
knowledge to punch through the wholes for your public services.
Its something like this:
Deny all (other) connections
then you add few rules and it looks like this:
Allow service listening on port X
Allow service listening on port Y
Allow service listening on port Z
Allow service coming from IP A (and port W)
Allow service coming to IP B (and port U)
Deny all (other) connections
Packets are sent through the chain (of the rules like above) and when
they hit some rule, desired action is performed and that packet (mostly)
stops going down the chain, so it does not hit bottom rule. If packet
does not mach any "allow" rule, then it will hit (one of) deny rule and
that connection will be terminated.
If you want easy to understand Firewall/router PC based on RHEL/CentOS
try ClearOS, and if you want it *on* the CentOS I suggest to check
shorewall.
www.shorewall.net is also excellent site to learn about firewalls and
routers in general with lot's of examples.
Ljubomir
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
