Re: What is a good firewall tool?
Interesting you would say that as I have a static 24/7
FreeS/WAN tunnel between my LAN in San Jose, CA and my consulting
partner's LAN in Stone Mountain, GA... All traffic between the two
networks goes over ipsec0 and eth1... eth0 is the external interface on
both network firewalls... There are no rules in either side for ipsec0
only eth0 and eth1 and traffice between both networks are
unrestricted...
Jeremy
On Tue, May 06, 2003 at 11:56:43PM +0200, tilo kremer wrote:
> Jeremy T. Bouse wrote:
>
> > I know first-hand that Vadim Kurland has made multiple improvements
> > to
> >the iptables (fwbuilder-ipt) policy compiler on suggestions made back. I
> >tend to
> >be a unique testbed because of my own network topography. I can also say my
> >firewall has been running using fwbuilder since I switched from ipchains
> >back
> >around mid-2001 when I started maintaining fwbuilder. Since this time the
> >iptables script generated has made vast improvements and I'm finding it
> >harder
> >to find cases it does not handle...
>
> what we are actually missing is the case where we try to deny all (most)
> traffic
> on a normal interface and only allow traffic via ipsecX. Right now, we
> add the missing
> lines after compiling the scripts.
>
> greets,
> t
>
>
Reply to: