@Simon

For starters, enabling SELinux will indeed give you some sleepless nights and would be best if you disabled it.
The security of your system/network is dependent on how well you configure iptables.

Zentyal and other bundled network management systems eg ClearOS [based on centos also web-based interface] can be good admin. products but you need to fully understand what they can do and what they cannot with relation to your needs.

my thoughts

On Fri, Sep 17, 2010 at 3:50 PM, Simon Mbuthia <simon.mbuthia@gmail.com> wrote:
Hi guys,

I have been running a CentOS firewall for a few months, but it seems to me like the machine is posessed by something. All of a sudden no port is open from outside except ssh which I'd like to be accessible only from within my LAN. The problem is SELINUX. I'm a bit apprehensive about disabling SELINUX [and only use iptables] though I don't know what security risks I'd be exposing myself to by so doing - if any. Thanks to one skunkmaster Jangita, I have learnt about Zentyal, a Ubuntu/Debian-based ... thingie that comes bundled with a number of services [firewall, IDS etc] which can be administered thru a sleek web-based interface.

My question/s is/are: would it be safe for me to use iptables only and disable SELINUX? Is Zentyal formidable enough to use as a security solution for a small business network? And why does SELinux have to be such a pain in the neck???



Me.

_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&hl=en
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke