Re: Firewall and Laptop
On Friday 31 December 2004 10:54, Bill Moseley wrote:
> Which of the firewall packages is closest to building iptables rules
> by hand?
> I, for one, prefer to have just one file that contains the iptables
> commands to build the firewall. The front-end tools are nice but I

That's exactly what you get with Guidedog. It creates a single script that
will run on both ipchains and iptables, so it's at least twice the size it
really needs to be, but once you've set up the script you could never bother
to use Guidedog again, if that's what turns your crank. It's not reflexive
though - I don't know of a firewall tool that can take a firewall script as
_input_, so once you modify the script, you can't use the GUI tool any more
without losing the hand-edited changes. If anyone does know such a tool I'd
be willing to give it a try.

> feel like they make me learn about how to run their tool instead of
> how to work with iptables -- an obscuring layer, in effect. It's also
> easier to understand (for me) when it's a simple hand-edited script
> that gets run out of init.d and /etc/networking/interfaces.

Well, ipchains was obscure enough. Iptables is even more so. I can't really
see a good GUI being an "obscuring layer".