
Re: acme-firewall



2012/1/20 Kenyon Ralph <kenyon@kenyonralph.com>:
> On 2012-01-20T00:13:37+0100, Arturo Borrero Gonzalez <cer.inet@linuxmail.org> wrote:
>> I've been working on a debian package with a basic iptables-based
>> firewall system.
>>
>>
>> I read some info regarding debian and firewalling here:
>>
>> http://wiki.debian.org/DebianFirewall
>> http://wiki.debian.org/Firewalls
>> http://wiki.debian.org/iptables
>>
> [...]
>> I see this basic approach as a nice way to include a firewall as a
>> service in the system. None of the packages listed in the debian
>> wiki seems to only deploy a structure where the system admin can build
>> his own firewall. This package just tries to do that.
>
> The iptables-persistent package is missing from those wiki pages. I
> haven't tried it, but it may be worth looking at.
>
> Maybe you could just install iptables-persistent and distribute the
> iptables rules that you want, using puppet for example (of course, if
> you're using puppet you would automate the installation of the package
> too). Or, you could build your own local version of the package with
> the default configuration you want.
>
> --
> Kenyon Ralph


Hi there.

You are right. The package "iptables-persistent" has the same
objectives as mine. But there are still some differences between that
package and mine, such as:

· Low functionality init.d script. The script can't even stop the
firewall. In fact, the package just does what it says:

Descripción: Simple package to set up iptables on boot
 This package contains just a system startup script that restores
iptables rules from a configuration file.

· My init.d script could stop the firewall, restart it, quickly change
the default policy, flush iptables rules without flushing nat ones
(very useful in some environments), change the ip_forwarding kernel
keys if the machine

I think acme-firewall is a better service approach.

Best regards.


-- 
/* Arturo Borrero Gonzalez || cer.inet@linuxmail.org */
/* Use debian gnu/linux! Best OS ever! */

