So I'm building up a transparent bridge to filter out various
types of nefarious packets, common to ddos and other attack vectors. I
found a straightforward, Debian-centric document. The bridge will sit
closer to the Internet, with a third ethernet port for management and
updates. Key areas of the hardened kernel to configure are most welcome.
Also, any suggestions, or the ebtables/iptables or other configurations and
scripts are welcome too. Most servers will be of the amd64 hardened profile.
My initial thoughts on the ethernet management interface are to only connect
it to the LAN segment directly during updates, and such, but other ideas on
bridge management are welcome. I have five static IPs.
Naturally, a traditional firewall router with (5) ethernet interfaces
will follow the bridge. The idea is to have the bridge filter out
the heavy traffic and let the firewall router have an easier time
and afford some 'fine grained' rulesets without overwhelming the
cpu/ram resources. Besides the incoming (1) net interface, it will have
separate ethernet interfaces for (2) dns, (3) mail and (4) web servers as
well as the (5) lan. With separate zones, I can put a sniffer on any of the
zones and look for issues related to that interface zone and the limited
services running therein. Any current example iptables configurations for
such a firewall are most welcome. I hope we can end up with a reference
configuration in the Gentoo wiki, after some community inputs and
refinements, including basic diagrams.
All input is welcome,
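As an added example (not from the original post, nor from any Gentoo or Debian document), here is a first-pass ruleset for the transparent bridge described above: ebtables admits only IPv4 and ARP frames at layer 2, the bridge netfilter hook hands bridged IPv4 to iptables, and the FORWARD chain drops malformed TCP flag combinations and rate-limits SYN floods per source before they reach the firewall router. The interface name `eth0`, the rate limits and the `DRY_RUN` preview switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: first-pass filtering on a Linux
# transparent bridge (ebtables at L2, iptables FORWARD via bridge-nf). Assumed:
# interface names, rate limits, and the DRY_RUN preview switch.
set -eu
WAN_IF=${WAN_IF:-eth0}    # assumed: bridge port facing the Internet
DRY_RUN=${DRY_RUN:-0}     # 1 = print the commands instead of executing them

# Every rule goes through run(), so the whole set can be previewed safely.
run() {
  if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

bridge_filter() {
  # Layer 2: only IPv4 and ARP may be bridged; let iptables see bridged IPv4.
  run sysctl -q -w net.bridge.bridge-nf-call-iptables=1
  run ebtables -P FORWARD DROP
  run ebtables -A FORWARD -p IPv4 -j ACCEPT
  run ebtables -A FORWARD -p ARP -j ACCEPT

  # Layer 3/4: rebuild FORWARD; the bridge terminates nothing, it only forwards.
  run iptables -F FORWARD
  run iptables -P FORWARD ACCEPT

  # Cheap drops first: conntrack garbage and flag sets no real TCP stack sends.
  run iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
  run iptables -A FORWARD -p tcp --tcp-flags ALL NONE -j DROP
  run iptables -A FORWARD -p tcp --tcp-flags ALL ALL -j DROP
  run iptables -A FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
  run iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

  # On a bridge, -i matches br0, so the physical ingress port needs physdev.
  # Per-source SYN limit (assumed 30/s, burst 60) absorbs floods here, before
  # they reach the firewall router behind the bridge.
  run iptables -A FORWARD -m physdev --physdev-in "$WAN_IF" -p tcp --syn \
      -m hashlimit --hashlimit-name synflood --hashlimit-mode srcip \
      --hashlimit-above 30/second --hashlimit-burst 60 -j DROP

  # Inbound echo requests are rate-limited, not blocked, so diagnostics still work.
  run iptables -A FORWARD -m physdev --physdev-in "$WAN_IF" -p icmp \
      --icmp-type echo-request -m limit --limit 5/second --limit-burst 20 -j ACCEPT
  run iptables -A FORWARD -m physdev --physdev-in "$WAN_IF" -p icmp \
      --icmp-type echo-request -j DROP
}

case "${1:-}" in
  apply)   bridge_filter ;;
  preview) DRY_RUN=1; bridge_filter ;;
esac
```

Run with `preview` to print the rules, `apply` to install them; the management port is deliberately left out of this chain and should get its own INPUT rules.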