Linux Journal: A Few Recipes for Easier Firewalls

“François! You call that a security notification? The
message must contain more information than “This is a test of the
emergency security broadcast system”, if any self-respecting
system administrator is going to be able to act on it. Qu’est-ce
que je vais faire avec toi? François, what are you looking
at? What? Oh, mes amis, forgive me. I did not notice your arrival.
We were setting up some new security policies on our Linux servers,
and François had written a script to detect my port scans
and I was completely distracted.”

“François! Wine for our friends. Vite! Vite! Come, mes
amis. Let me show you to your tables. As you get comfortable, I
should tell you about this message my waiter had the system send
out. I did a thorough port scan on the system, and all he sends as
notification is that old “This is a test of the emergency et
cetera” type of message. Not much of a description, non? You know,
when I was younger and they had those messages on television, I
always suspected that if there had been a real emergency, we would
not have gotten the message because those who knew of the problem
would already have been in hiding. A little joke, mes amis. Ah,
François. Yes. An excellent choice of wine. You will like
this one, mes amis, a superb 1995 Montrachet. Please pour,
François.” “Security, as you know, is very serious business
indeed. Every day, we hear of damage caused by viruses, of new
exploits through which crackers compromise systems. For those of us
in the information technology restaurant business, these are
challenging times. We must be ever vigilant. A good firewall, then,
is an excellent beginning. But how to do it simply is the question,