neil

I would like to use my minix system for my everyday computing needs as it
will help me to learn a lot faster by regular use.

Tools are already available for surfing the net (lynx), email retrieval
and reading usenet (pine).

My question: is there a firewall for minix 3? I dont know a whole lot
about firewalls - other that i should not connect to the net directly
without one.

I know Ipchains / Iptables are part of the linux kernel, but as far as i
understand this is not implemented in minix 3. Is there any other firewall
solution that anyone can recommend? Ive tried searches for this without
sucess.

Or is the best way for me to use the Minix internet tools only through a
firewalled box running another OS? (this is not ideal solution for me).

brian l. troutwine

Most people aren't connecting directly to the internet anyway. The odds
are that unless you know for certain that you're connecting to the
public net you're not. Routers, ADLS modems and such usually have a
built in firewall. But, for the sake of discussion, let's ignore that.

Firewalls are useful in so far as they hinder or stop the public
internet from seeing things on your private network. If you've got
nothing on your private network that you want or need to hide, then
having a firewall isn't really essential. It's not a bad thing to have,
but it's not true that you shouldn't connect to the net directly
without one. I don't know what sort of things you're wanting your minix
box to do, but if it's not going to be running any nifty network things
then it may well not be worth all the fuss. Computer security is a
matter of layers, of course, and the firewall is just one of them.

So, in short, a box that's not broadcasting services or one that
doesn't have various known remote exploits doesn't need a firewall.
It's simply not true that you should not connect to the net directly
without one.

But don't take my word for it. Read up on firewalls and network
security; then you'll be able to answer your own question. The
wikipedia is a pretty good resource.

colonel_hack

Security should be based the other way. If you don't know for certain,
assume the worst, not the most common.


ADLS possibly. On cable it's often a pretty open network. Unless you have
a multiport hub or wireless it common that it doesn't even do NAT, just a
single address translation. And wireless is -very- often wide open and
then the intruder is usually already behind the firewall. Sometimes the
first problem connecting to your wireless is -not- connecting to the neighbors :-)


Or using you compromised system to stage attacks on other systems, use as
zombie remailers or set up a warez (or worse!) site, or just getting their
kicks out of trashing whatever work you've done.


I guess I'd put it about the same level as a spare tire for your car.
Maybe not vital, but someday it could very likely save you a major
headache...

Plus, MINIX on a minimal machine might make a nice firewall.
A quick search didn't find one, but found somebody who wrote one:
http://www.securityfocus.com/jobs/resumes/1748

3ch

kjb=734401@cs.vu.nl (kees j

I've only found firewalls useful for protecting an operating system
that I do not fully control. With Minix, control is possible. Start
by creating a /etc/serv.access file and reboot. Now all daemons
started by tcpd will no longer accept any connections. Read the
serv.access(5) manual page and add rules to /etc/serv.access to allow
access only from the right networks. Hope the servxcheck(3) code isn't
buggy.

It may be useful to know that 'tcpstat -a' shows a list of ports that
the machine is listening on. (Like 'netstat -a' on other OSen.)
--
Kees J. Bot, Systems Programmer, Sciences dept., Vrije Universiteit Amsterdam