[ale] best FIREWALL product for a home LAN ?

Jim Sculley niceguyj at comcast.net
Thu Jan 31 17:32:44 EST 2008


Michael B. Trausch wrote:
> On Mon, 2008-01-28 at 19:33 -0500, Courtney Thomas wrote:
>   
>> Just finished Bruce Schneier's book Secrets and Lies which inspired me
>> to try to implement a suitable firewall for my home LAN which has a
>> variety of machines, MS, FreeBSD, Linux, Apple, etc.
>>     
>
> For a home network, the best option is a NAT with nothing port-forwarded
> or DMZ'd.  Unless you need something special, that's the best way to go.
> Also just make sure that the external (from the WAN side) management
> interface is disabled.
>
> That can be accomplished through any commodity routing device.
>
> I use iptables on my network, with my network server holding a few
> Internet-exposed ports and everything else dropped.

Ditto here.  I used this link to understand how iptables works:

http://iptables-tutorial.frozentux.net/iptables-tutorial.html


> Also currently
> dropping packets from several places abroad (got sick of the SSH
> attacks).
>   

For that, I use denyhosts:

http://denyhosts.sourceforge.net/

To date there are 24,761 IP addresses in my /etc/hosts.deny file.


You can also use Steve Gibson's hokey 'Shields Up' utility to see what 
ports the outside world can access.

http://www.grc.com


