Re: [Hampshire] Firewall stuff

Author: James Courtier-Dutton
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Firewall stuff
On 29/02/2008, Isaac Close <isaacclose@???> wrote:
> hello peeps,
>
> I've been having a long drawn out argument with someone about this as of
> late.
> And what's added to the situation is that one of my boxes got heavily spammed
> on Monday resulting in a fairly bad DoS.
>
> Normally when I build an email server I have a recipient accept list, that
> is, any name not on the list gets bounced by Postfix, and thus NOT processed
> by SpamAssassin etc. If this was in place on Monday, there would not have
> been a DoS as it was only 11,000 spams during the day, which I consider not
> too bad.
>
> However since I'm using a 'recommended' SME (rubbish) server as a bet, it
> fell to its knees to my delight. That's only a start. The person in question
> arguing the toss states that I need a hardware firewall, for example
> 'endian'.
>
> No I don't, I use iptables.
>
> Without harping on too much about this subject, I was wondering about other
> people's opinions about the need for a BIG SHINY EXPENSIVE EVERYTHING WILL
> BE OK BS FIREWALL BOX, and perhaps to know what other people are using.
>
> I don't run windows machines. I packet filter on every box, it's a chore but
> I know what's going on to some degree at least, and I try to configure
> apache, postfix and the rest to the best I can. And to my knowledge and my
> IDS, my networks seem to be fairly secure.
>
> I want to be wrong.
>
> Isaac Close
>


There is a little matter of EAL4 certification that is generally
required of the firewall by a security-conscious business. Your use
of IPTABLES alone will not reach EAL4.

James
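As an added illustration of the recipient accept list Isaac describes (not configuration from anyone in this thread), a Postfix main.cf fragment that rejects unknown recipients during the SMTP dialogue, before anything is queued or handed to SpamAssassin; the domain example.org and the map path /etc/postfix/valid_recipients are assumptions. Rejecting at RCPT TO rather than accepting and bouncing later also avoids sending backscatter to forged sender addresses.

```conf
# /etc/postfix/main.cf fragment (added example; example.org and the
# map path are assumptions, not values from the thread)
mydestination = example.org

# valid_recipients holds one "user@example.org OK" line per mailbox;
# rebuild the lookup table with:  postmap /etc/postfix/valid_recipients
local_recipient_maps = hash:/etc/postfix/valid_recipients

# Refuse unknown local users in the SMTP session (at RCPT TO) with a
# permanent 550 instead of accepting the message and bouncing it later:
# no queue entry, no content filtering, no backscatter.
unknown_local_recipient_reject_code = 550
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unlisted_recipient
```

After editing, `postmap` the map and reload Postfix; a test session with an address missing from the map should be answered `550 5.1.1 ... User unknown in local recipient table` at RCPT TO.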