Q: What do you use as a firewall? What settings, what software? Do you use an extra old PC lying around, install Linux on it, and leave it as a firewall server? Anyone but a router and firewall settings as a? Do you lock every door that you are not down to use a router?
Just a thread to let others know how each of us exhibits a firewall of our own.
Personally I just use the router defaults SPI and NAT and I have ZoneAlarm installed.
Re:Is there anything I could use on a p2 400 128mb ram to act as a firewall that supports a cable modem?
A P2 400 is more than enough, the Ultra1 I'm using is only 167MHz and even that seems overkill except for when snort gets busy.
Pretty much anything will work as long as the cable modem works. If it's like mine and just connects via cat5 to your internal network, then you can plug it into the NIC in that machine and set up NAT on that machine. Linux, OpenBSD, NetBSD, FreeBSD, even Windows all have NAT and firewall capabilities; you just have to pick one and learn how to use it properly. OpenBSD is a decent system and I really like pf, but I had some strange issues with it on the Ultra1 because sparc64 is a new arch for them, and I much prefer the way Debian handles packages than any of the BSDs. It's really personal preference, but you have to be careful: a misconfigured firewall can be worse than no firewall at all.
Re:I know FreeBSD is supposed to be good for firewalling too, but I have never tried it.
Re:guy, OpenBSD if you're a power user or a good learner, and SmoothWall/IP Cop (Linux based firewalls) if you're more of a beginner.
Re:Originally posted by: guy
I don't really have highly valued data on my network, it is more just a hobby type thing..
Sure you do, machines that could potentially be used in a DoS attack if they were taken over, that should be reason enough to protect yourself.
I have a Sun Ultra1 running Debian with netfilter. I allow a handful of ports that need to be explicitly opened (www, smtp, imaps, etc) and forwarded to internal machines (a few to my server and a few to my workstation) and the rest are just dropped.
You seem to have a high knowledge on this
Is there anything I could use on a p2 400 128mb ram to act as a firewall that supports a cable modem?
Any Linux distro… with iptables.
For newbies I'd say SmoothWall and maybe IPCop.
Once you get the hang of it you can set up your own netfilter/iptables firewall.
If you feel ambitious, there are a few iptables HOWTOs out there.
Might want to check out SmoothWall … it doesn't have a GUI though.
Re:I don't really have highly valued data on my network, it is more just a hobby type thing..
Sure you do, machines that could potentially be used in a DoS attack if they were taken over, that should be reason enough to protect yourself.
I have a Sun Ultra1 running Debian with netfilter. I allow a handful of ports that need to be explicitly opened (www, smtp, imaps, etc) and forwarded to internal machines (a few to my server and a few to my workstation) and the rest are just dropped.
Re:I use a Cisco 2500 series router w/fw feature set…
I have it set up with ip inspects (basically stateful packet inspection) and I deny all ports with a couple of exceptions (as opposed to allowing all and denying a few). Basically, any traffic initiated from my machine (requests) is allowed to come back in the requested port, but no random request to any port can be made (unless it is explicitly permitted). That is just the brink of the settings, but I think it paints the general idea… Of course I'm running NAT and all that jazz too…
I don't really have highly valued data on my network, it is more just a hobby type thing..
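The default-deny, stateful policy described in the two posts above (netfilter with a handful of forwarded ports, and the Cisco "deny all with a couple of exceptions" setup), written out as an iptables-restore ruleset with a small audit check. This is an added example, not any poster's actual configuration; the interface names, the 192.168.1.10 address, the LAN-only SSH rule and the `gen_ruleset`/`audit_ruleset` helpers are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: eth0 = cable-modem side,
# eth1 = LAN, 192.168.1.10 = internal server (all constructed values).
WAN=eth0
LAN=eth1
# Constructed forward list, one "tcp-port internal-host" pair per line.
FORWARDS="80 192.168.1.10
25 192.168.1.10
993 192.168.1.10"

# Print a ruleset in iptables-restore format.
# Forwarding also needs the sysctl net.ipv4.ip_forward=1 on the gateway.
gen_ruleset() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    echo "$FORWARDS" | while read -r port host; do
        echo "-A PREROUTING -i $WAN -p tcp --dport $port -j DNAT --to-destination $host:$port"
    done
    # Hide the LAN behind the gateway's public address.
    echo "-A POSTROUTING -o $WAN -j MASQUERADE"
    echo "COMMIT"
    # Default deny: anything not matched below is dropped.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    echo "-A INPUT -i lo -j ACCEPT"
    # Stateful part: replies to connections we initiated may come back in.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Assumption: administer the gateway over SSH from the LAN side only.
    echo "-A INPUT -i $LAN -p tcp --dport 22 -j ACCEPT"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $LAN -o $WAN -j ACCEPT"
    # New inbound connections only for the explicitly forwarded ports.
    echo "$FORWARDS" | while read -r port host; do
        echo "-A FORWARD -i $WAN -o $LAN -p tcp -d $host --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Read a ruleset on stdin; succeed only if INPUT and FORWARD default to DROP
# and no rule accepts WAN-side traffic without naming a destination port.
audit_ruleset() {
    awk -v wan="$WAN" '
        /^:(INPUT|FORWARD) DROP/ { drop++ }
        /^-A (INPUT|FORWARD) / && $0 ~ ("-i " wan " ") && /-j ACCEPT/ && !/--dport/ { open++ }
        END { exit !(drop == 2 && open == 0) }'
}

gen_ruleset   # as root, pipe into "iptables-restore --test" to validate first
```

`audit_ruleset` is a sanity check for the two mistakes that turn this policy into allow-by-default; it is not a full rule analyzer.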
Re:1. Debian+netfilter (iptables)
2. settings: too many rules to list
3. yes…compaq proliant 2500 – 200pro, 128mb 4.3 scsi