Re: acme-firewall
2012/1/20 Kenyon Ralph <kenyon@kenyonralph.com>:
> On 2012-01-20T00:13:37+0100, Arturo Borrero Gonzalez <cer.inet@linuxmail.org> wrote:
>> I've been working on a debian package with a basic iptables-based
>> firewall system.
>>
>>
>> I read some info regarding debian and firewalling here:
>>
>> http://wiki.debian.org/DebianFirewall
>> http://wiki.debian.org/Firewalls
>> http://wiki.debian.org/iptables
>>
> [...]
>> I see this basic approach as a nice way to include a firewall as a
>> service in the system. None of the packages listed in the debian
>> wiki seems to only deploy a structure where the system admin can build
>> his own firewall. This package just tries to do that.
>
> The iptables-persistent package is missing from those wiki pages. I
> haven't tried it, but it may be worth looking at.
>
> Maybe you could just install iptables-persistent and distribute the
> iptables rules that you want, using puppet for example (of course, if
> you're using puppet you would automate the installation of the package
> too). Or, you could build your own local version of the package with
> the default configuration you want.
>
> --
> Kenyon Ralph
Hi there.
You are right. The package "iptables-persistent" has the same
objectives as mine. But there are still some differences between that
package and mine, such as:
· Low functionality init.d script. The script can't even stop the
firewall. In fact, the package just does what they say:
Descripción: Simple package to set up iptables on boot
This package contains just a system startup script that restores
iptables rules from a configuration file.
· My init.d script could stop the firewall, restart it, quickly change
the default policy, flush iptables rules without flushing nat ones
(very useful in some environments), change the ip_forwarding kernel
keys if the machine
I think acme-firewall is a better service approach.
Best regards.
--
/* Arturo Borrero Gonzalez || cer.inet@linuxmail.org */
/* Use debian gnu/linux! Best OS ever! */