
Re: Debianised Firewall



On Sun, Aug 01, 2004 at 04:14:48AM +0100, Sam Halliday wrote:
> Sam Halliday wrote:
> > Paul Gear wrote:
> > > Sam Halliday wrote:
> > > > ...
> > > > >>Debian supports shorewall, a great iptables preprocessor - get a recent
> > > > >>version from backports.org, and you're laughin'!
> > > > 
> > > > 
> > > > cheers... but i do not need a way to generate rules; i already know
> > > > how to do that. i just want to know if there is a standardised debian
> > > > way of loading up a firewall on startup... like a file i need to dump
> > > > my (customised) `iptables-save` output into. else i will just write
> > > > my own initscript.
> > > 
> > > I know how to do it as well, but i don't because shorewall saves a lot
> > > of time and effort, and protects you from typos.
> > 
> > /me does `apt-get install shorewall` and to hell with figuring out the
> > proper way :-)
> 
> hmm, it's actually more effort to learn this shorewall thing than just
> make my own initscript...
> 
> thanks anyway

Think differently.  It is a learning vehicle.

If you are good at writing customized scripts, you may want to compare
them with the results of some of these prepackaged firewall
scripts.

 Running 3 commands:
  iptables -v -L -n -t filter
  iptables -v -L -n -t nat
  iptables -v -L -n -t mangle

will teach you many tricks :)

I maintain the Debian "ipmasq" package, which is not really a full
firewall script as is but is a framework to build your own.

Really, I am amazed how it grew to cope with all the weird network
configurations beyond my own needs.

FYI: popularity [*]
 ipmasq:     272  vote=180
 shorewall:  237  vote=124
  
Both are not bad for such a niche program.

Osamu

[*] http://qa.debian.org/developer.php?popcon=ipmasq
    http://qa.debian.org/developer.php?popcon=shorewall
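
The comparison suggested in this message, as an added example that is not part of the original post or of the ipmasq or shorewall packages: it diffs two `iptables-save` dumps (the format mentioned in the quoted question) rather than the `-L` listings, after stripping counters and timestamps so only real rule differences remain. The function names and both sample dumps are constructed for illustration.

```sh
# Strip trailing blanks, comment/timestamp lines and [packets:bytes]
# counters (rule prefixes from `iptables-save -c`, chain policy suffixes).
normalize_ruleset() {
    sed -e 's/[[:space:]]*$//' \
        -e '/^#/d' \
        -e 's/^\[[0-9]*:[0-9]*\] //' \
        -e 's/ \[[0-9]*:[0-9]*\]$//'
}

# compare_rulesets A B: unified diff of the two normalized dumps.
# Returns 0 when the rules match, 1 when they differ.
compare_rulesets() {
    cr_a=$(mktemp) && cr_b=$(mktemp) || return 2
    normalize_ruleset < "$1" > "$cr_a"
    normalize_ruleset < "$2" > "$cr_b"
    cr_rc=0
    diff -u "$cr_a" "$cr_b" || cr_rc=$?
    rm -f "$cr_a" "$cr_b"
    return "$cr_rc"
}

# Constructed sample dumps (not captured from a real host).
sample_mine() {
cat <<'EOF'
# Generated by iptables-save on Sun Aug  1 10:00:00 2004
*filter
:INPUT DROP [12:3456]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [98:7654]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
sample_packaged() {
cat <<'EOF'
# Generated by iptables-save on Sun Aug  1 10:05:00 2004
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5:300]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: pass two dump files as arguments.
[ "$#" -ne 2 ] || compare_rulesets "$1" "$2"
```

On the samples the only reported difference is the RELATED,ESTABLISHED rule that the hand-written set lacks; rule order is preserved, which matters because iptables evaluates rules in sequence.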
