Re: Firewall and Laptop

Which of the firewall packages is closest to building iptables rules
by hand?

I, for one, prefer to have just one file that contains the iptables
commands to build the firewall.  The front-end tools are nice but I
feel like they make me learn about how to run their tool instead of
how to work with iptables -- an obscuring layer, in effect.  It's also
easier to understand (for me) when it's a simple hand-edited script
that gets run out of init.d and /etc/networking/interfaces.

For example, I use gshield on one machine, which is reasonably basic,
but I have not figured out why when I traceroute out that machine
blocks.  gshield has a config file, but I'd rather be trying to edit
the basic iptables commands.

I think my firewall needs are reasonably common, too.  I need NAT and
to allow a few services in and a DMZ.  A well-commented iptables
script would be fine.  I can cut-n-paste some iptables rules to open a
new port.  But, I do need a tool that will set all those default rules
for spoofing in invalid IP blocks that are not specific to how my
machine is configured.

On my laptop I've been running ipmasq.

Bill Moseley
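
A single hand-edited file of the kind the post asks for (NAT, one service forwarded into a DMZ, generic anti-spoofing drops), as an added example that is not part of the original message and not taken from gshield or ipmasq. The interface names, addresses, forwarded port and the `SPOOF` chain name are assumptions.

```shell
#!/bin/sh
# Prints a ruleset in iptables-restore format; it does not touch the running firewall.
# Interface names and addresses are assumptions (constructed sample values).
WAN=eth0; LAN=eth1; DMZ=eth2
DMZ_WEB=192.168.2.10
# Source ranges that should never arrive from the Internet side.
# Assumes WAN holds a public address; drop the RFC 1918 entries if it sits behind another NAT.
BOGONS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"

build_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Inbound HTTP is redirected to the DMZ web server
-A PREROUTING -i $WAN -p tcp --dport 80 -j DNAT --to-destination ${DMZ_WEB}:80
# Everything leaving via WAN is masqueraded
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SPOOF - [0:0]
EOF
    for net in $BOGONS; do echo "-A SPOOF -s $net -j DROP"; done
    cat <<EOF
-A INPUT -i lo -j ACCEPT
# Anti-spoofing first: packets that match nothing in SPOOF return here
-A INPUT -i $WAN -j SPOOF
-A FORWARD -i $WAN -j SPOOF
# Replies, plus related ICMP errors such as time-exceeded for outbound traceroute
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN may reach the firewall over SSH and go anywhere; DMZ may only go out to WAN
-A INPUT -i $LAN -p tcp --dport 22 -j ACCEPT
-A FORWARD -i $LAN -j ACCEPT
-A FORWARD -i $DMZ -o $WAN -j ACCEPT
# The one service allowed in; copy this line (and its DNAT line) to open a new port
-A FORWARD -i $WAN -o $DMZ -p tcp -d $DMZ_WEB --dport 80 -j ACCEPT
COMMIT
EOF
}

if [ "${1:-}" = "--print" ]; then build_rules; fi
```

Check the output with `build_rules | iptables-restore --test` before loading it for real.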

