Jeremy T. Bouse wrote:
I know first-hand that Vadim Kurland has made multiple improvements to the iptables (fwbuilder-ipt) policy compiler on suggestions made back. I tend to be a unique testbed because of my own network topography. I can also say my firewall has been running using fwbuilder since I switched from ipchains back around mid-2001 when I started maintaining fwbuilder. Since this time the iptables script generated has made vast improvements and I'm finding it harder to find cases it does not handle...
What we are actually missing is the case where we try to deny all (most) traffic on a normal interface and only allow traffic via ipsecX. Right now, we add the missing lines after compiling the scripts.

greets, t
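The case described in the reply above, written out as an added shell example (not code from the thread, fwbuilder or FreeS/WAN): a small generator for the hand-added iptables lines that drop traffic on the physical interface while accepting it only on the ipsecX virtual interfaces. It assumes `eth0` as the physical interface and the `ipsec+` wildcard for FreeS/WAN's virtual interfaces; the non-obvious part is that IKE (UDP 500) and ESP/AH (protocols 50/51) still arrive on the physical interface before decapsulation, so they must be let through ahead of the final DROP.

```shell
#!/bin/sh
# Emit iptables rules for "deny on the normal interface, allow only via ipsecX".
# Assumed names (not from the thread): $1 = physical interface (e.g. eth0),
# $2 = IPsec virtual interface pattern (e.g. ipsec+ for ipsec0, ipsec1, ...).
# Rule order matters: the ipsecX ACCEPTs and the IKE/ESP/AH ACCEPTs on the
# physical interface must precede the catch-all DROP on that interface.
gen_rules() {
  phys="$1"
  ipsec="$2"
  cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $ipsec -j ACCEPT
iptables -A FORWARD -i $ipsec -j ACCEPT
iptables -A INPUT -i $phys -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $phys -p 50 -j ACCEPT
iptables -A INPUT -i $phys -p 51 -j ACCEPT
iptables -A INPUT -i $phys -j DROP
iptables -A FORWARD -i $phys -j DROP
EOF
}

# Print the rules; pipe into sh on the firewall host after reviewing them.
gen_rules eth0 'ipsec+'
```

Decrypted packets re-enter the stack on ipsec0 and so hit the `ipsec+` ACCEPT rules, while any cleartext packet on eth0 other than IKE/ESP/AH falls through to the DROP.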