Re: What is a good firewall tool?
Jeremy T. Bouse wrote:
I know first-hand that Vadim Kurland has made multiple improvements to
the iptables (fwbuilder-ipt) policy compiler on suggestions made back. I tend to
be a unique testbed because of my own network topography. I can also say my
firewall has been running using fwbuilder since I switched from ipchains back
around mid-2001 when I started maintaining fwbuilder. Since this time the
iptables script generated has made vast improvements and I'm finding it harder
to find cases it does not handle...
What we are actually missing is the case where we try to deny all (most)
on a normal interface and only allow traffic via ipsecX. Right now, we
add the missing lines after compiling the scripts.