Re: Firewall and Laptop
On Friday 31 December 2004 14:21, Marcus C. Gottwald wrote:
>
> I do like the way iptables is used in woody: You create your
> chains and rules any way you like and once you're done, you tell
> it to save the current state (by executing
> "/etc/init.d/iptables save active"). You can easily make copies
> of the dump for backup purposes. Also, if a change turns out to
> break something, running "/etc/init.d/iptables start" before a
> "save" will simply revert the changes.
IIRC, that was an add-on. iptables-save is now available as part of the
iptables package (there's no init.d script, but it is in
/sbin/iptables-save).
> Out of curiosity: What features are expected from a config tool?
> On a laptop computer, you'd seldom need a lot more than to allow
> outgoing, related or established traffic plus incoming SSH,
> wouldn't you?
Heavens, my laptop is a portable web/database/file/printer server :-) I think
that my rules _could_ be much simpler - many of the ones that were set up by
Guarddog should be just covered by global "outgoing, related or established"
rules, and then I could configure specific incoming overrides for the rest.
I'd consider the rules for a laptop to be much more complex than for the
average desktop machine.
--
derek
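
An added example, not part of the original message: the "outgoing, related or established" baseline with specific incoming overrides discussed in this thread, emitted in the dump format that iptables-save writes and iptables-restore reads. The function name gen_ruleset, the file paths and the port numbers in the comments are assumptions chosen for illustration.

```shell
#!/bin/sh
# gen_ruleset PORT...  (hypothetical helper, not from the thread)
# Prints a filter table: drop inbound by default, allow all outbound,
# allow loopback and replies to our own traffic, then accept NEW inbound
# TCP connections only on the ports given as arguments.
gen_ruleset() {
    # Validate every port before printing anything, so a bad argument
    # cannot produce a half-written ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        # Length check first: oversized numbers make the integer test error out.
        if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Typical use as root (paths are placeholders):
#   /sbin/iptables-save > /root/rules.before    # backup of the live state
#   gen_ruleset 22 > /root/rules.new            # incoming SSH only
#   iptables-restore --test < /root/rules.new   # parse without applying
#   iptables-restore < /root/rules.new          # apply
#   iptables-restore < /root/rules.before       # revert if something broke
```

A laptop that also serves web or printing would pass the extra ports, for instance gen_ruleset 22 80 631, and everything not listed stays dropped.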