If you don't know how to configure it, SELINUX will do you in. iptables is very safe, but you've got to give access to ONLY what you need and nothing more. Ports: open only what you use. IP addresses: allow access from certain IPs only, so that, for instance, to log in to the said box from the Internet, you would have to first telnet/ssh to an allowed IP to gain access.
Regards,
Hi guys,
I have been running a CentOS firewall for a few months, but it seems to me like the machine is possessed by something. All of a sudden no port is open from outside except ssh, which I'd like to be accessible only from within my LAN. The problem is SELINUX. I'm a bit apprehensive about disabling SELINUX [and only use iptables], though I don't know what security risks I'd be exposing myself to by so doing - if any. Thanks to one skunkmaster Jangita, I have learnt about Zentyal, an Ubuntu/Debian-based ... thingie that comes bundled with a number of services [firewall, IDS etc] which can be administered through a sleek web-based interface.
My question/s is/are: would it be safe for me to use iptables only and disable SELINUX? Is Zentyal formidable enough to use as a security solution for a small business network? And why does SELinux have to be such a pain in the neck???
Me.
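
The allowlist approach from the reply at the top of this thread (open only the ports in use, restrict SSH to known addresses), written out as an added example that is not part of either message. The LAN range, port list and script name are assumed sample values, and the rules cover traffic to the box itself.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset:
# default-deny inbound, SSH from the LAN only, plus the TCP ports you list.

# is_cidr A.B.C.D/N: succeed only for a well-formed IPv4 range.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_rules LAN_CIDR [PORT...]: print the ruleset, or fail on bad input.
build_rules() {
    lan=$1; shift
    is_cidr "$lan" || { echo "bad LAN range: $lan" >&2; return 1; }
    for port in "$@"; do
        case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        # Port 22 is refused here: SSH is only ever opened to the LAN below.
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] && [ "$port" -ne 22 ] ||
            { echo "bad port: $port" >&2; return 1; }
    done
    # FORWARD DROP assumes the box does not route; a gateway needs FORWARD rules.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A INPUT -s $lan -p tcp --dport 22 -j ACCEPT"
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample: sh fw-rules.sh 192.168.1.0/24 80 443 | iptables-restore --test
if [ $# -gt 0 ]; then build_rules "$@"; fi
```

Piping the output through `iptables-restore --test` parses the ruleset without committing it, so a mistake does not lock you out of the box.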
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks