TIS FWTK Firewall
Firewalls are a recognized and efficient way of protecting your data from outside attack... One of the more efficient (and least expensive -- it's free) programs for creating simple firewalls is TIS FWTK, or Trusted Information Systems Firewall Toolkit. You can get the FWTK from ftp.tis.com.
The kit includes proxies for Telnet, FTP, Rlogin, Sendmail, HTTP and the X Window System. For each proxy, you need to specify a set of rules by editing three files.
- /etc/services
This file is already on your system; it's used to decide what services your machine will run and what ports they're on. You'll use this file to set what ports your proxies will run on.
- /usr/local/etc/netperm-table
This is an FWTK file and as such isn't on your system until you install FWTK (makes sense, right?). In it, you'll specify who can use the services FWTK will regulate.
- /etc/inetd.conf
This file's already on your system, too. It's the config file for inetd and specifies what server is used when a request is made for a service. Here you're going to specify your proxies as replacements for the default servers.
It's now time to decide how secure your system's going to be. You can tell FWTK to make services allowed by default or prohibited by default. In the first case, anything you don't expressly turn off will be allowed -- in the second, anything you don't expressly turn on won't be allowed.
To grant or deny access to an FWTK-controlled service, you can create IP masks to allow or disallow users... You can either disallow specific people or hosts or allow only specific people or hosts.
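The difference between the two default policies is easiest to see by evaluating a rule set against a few client addresses. The following is an added example, not code from FWTK or from the original page: a simplified Python model of `permit-hosts` / `deny-hosts` lines in a netperm-table. It assumes rules are read in file order, the first matching rule decides, and a client that matches no rule is refused; the sample tables and addresses are constructed.

```python
from fnmatch import fnmatchcase
from itertools import takewhile

# Constructed sample: prohibited by default (no catch-all permit).
DEFAULT_DENY = """\
# only the inside network may use the telnet proxy
tn-gw: permit-hosts 192.168.1.*
ftp-gw: deny-hosts 192.168.1.66
ftp-gw: permit-hosts 192.168.1.* 10.0.0.5
"""

# Constructed sample: allowed by default (catch-all permit at the end).
DEFAULT_ALLOW = """\
tn-gw: deny-hosts 203.0.113.*
tn-gw: permit-hosts *
"""

def parse(table):
    """Return {proxy: [(action, [patterns]), ...]} in file order."""
    rules = {}
    for line in table.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        name, body = line.split(":", 1)
        words = body.split()
        if not words or words[0] not in ("permit-hosts", "deny-hosts"):
            continue                               # other attributes are skipped
        # Host patterns end at the first option word (one starting with '-').
        patterns = list(takewhile(lambda w: not w.startswith("-"), words[1:]))
        rules.setdefault(name.strip(), []).append((words[0], patterns))
    return rules

def allowed(rules, proxy, client_ip):
    """First matching rule decides; no match means the request is refused."""
    for action, patterns in rules.get(proxy, []):
        if any(fnmatchcase(client_ip, p) for p in patterns):
            return action == "permit-hosts"
    return False

if __name__ == "__main__":
    for label, table in (("default deny", DEFAULT_DENY), ("default allow", DEFAULT_ALLOW)):
        rules = parse(table)
        for ip in ("192.168.1.20", "203.0.113.9", "198.51.100.1"):
            print(label, "tn-gw", ip, "->", "permit" if allowed(rules, "tn-gw", ip) else "deny")
```

Rule order matters in this model: the `deny-hosts 192.168.1.66` line only takes effect because it comes before the broader `permit-hosts 192.168.1.*` line for the same proxy.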
Because FWTK is an application gateway, any outgoing traffic is going to be proxied as well -- a problem with this kind of firewall.
So go ahead, try out some rules and have fun... This firewall isn't really suited for a lot of more-used systems out there, but it can be a lot of fun to learn on your own.
Good luck!