Re: Firewall and Laptop

Derek Broughton wrote (Fri 2004-Dec-31 11:37:04 -0400):

> ... It's not reflexive 
> though - I don't know of a firewall tool that can take a firewall script as 
> _input_, so once you modify the script, you can't use the GUI tool any more 
> without losing the hand edited changes.  If anyone does know such a tool I'd 
> be willing to give it a try.

I do like the way iptables is used in woody: You create your
chains and rules any way you like and once you're done, you tell
it to save the current state (by executing
"/etc/init.d/iptables save active"). You can easily make copies
of the dump for backup purposes. Also, if a change turns out to
break something, running "/etc/init.d/iptables start" before a
"save" will simply revert the changes.

Much to my regret, this feature has been removed without
replacement in sarge. However, the scripts from woody are kept
during an upgrade and are fully functional.

Out of curiosity: What features are expected from a config tool?
On a laptop computer, you'd seldom need a lot more than to allow
outgoing, related or established traffic plus incoming SSH,
wouldn't you?

Cheers, Marcus

   Marcus C. Gottwald  ·  http://www.inf.fu-berlin.de/~gottwald/
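
The policy described in the message (outgoing, related or established, plus incoming SSH) written as an `iptables-restore` ruleset, with an apply step that falls back to the previously saved state unless the change is confirmed. This is an added example, not part of the original message and not Debian's init script; the function names and the backup path are assumptions.

```shell
#!/bin/sh
# Added example: function names and the default backup path are assumptions.

# Print the laptop policy in the format iptables-save dumps and
# iptables-restore reads: outgoing allowed, replies allowed, inbound SSH only.
laptop_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Load the policy, keeping a dump of the previous state. A background timer
# restores that dump after $2 seconds unless the operator types "keep",
# so a rule that cuts off the SSH session undoes itself.
# Needs root plus the iptables-save and iptables-restore binaries.
apply_with_rollback() {
    backup=${1:-/root/iptables.before}   # assumed location
    timeout=${2:-30}
    iptables-save > "$backup" || return 1
    # Parse the new ruleset without committing it.
    laptop_ruleset | iptables-restore --test || return 1
    ( sleep "$timeout" && iptables-restore < "$backup" ) &
    revert_pid=$!
    laptop_ruleset | iptables-restore
    printf 'Rules loaded. Type "keep" within %s s to keep them: ' "$timeout"
    read answer
    kill "$revert_pid" 2>/dev/null
    if [ "$answer" = keep ]; then
        return 0
    fi
    # Anything else: go back to the saved state immediately.
    iptables-restore < "$backup"
    return 1
}
```

This filters IPv4 only; IPv6 needs the same rules loaded through `ip6tables-restore`.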

