Re: Firewall-troubleshooting

To: debian-security@lists.debian.org, debian-firewall@lists.debian.org
Subject: Re: Firewall-troubleshooting
From: Sam Couter <sam@couter.dropbear.id.au>
Date: Sun, 3 Jul 2005 17:20:00 +1000
Message-id: <[🔎] 20050703072000.GS12693@yosamite.tekno.house>
Mail-followup-to: debian-security@lists.debian.org, debian-firewall@lists.debian.org
In-reply-to: <[🔎] 87y88or3jd.fsf@enki.rimspace.net>
References: <[🔎] 42C6FD25.20507@gmail.com> <[🔎] 87irzssnzi.fsf@enki.rimspace.net> <[🔎] 42C744B3.3090804@gmail.com> <[🔎] 87y88or3jd.fsf@enki.rimspace.net>

Daniel Pittman <daniel@rimspace.net> wrote:
> Sure, a lot of them suck.  In fact, most of them *really* suck, in my
> opinion.  
> 
> I found that 'firehol' was quite a surprise to me -- not only didn't it
> suck, it actually improved my hand-written firewall somewhat.  

Firehol still sucks: It's bash-dependant (no good for OpenWRT), the
output script isn't self-contained, and it takes forever to run on a
Pentium 166.

That being said, it's still my choice of firewalling tool. Writing
firewalls with iptables directly is like programming in assembler - do
it once just to learn how to do it and to learn why not to do it.
-- 
Sam "Eddie" Couter  |  mailto:sam@couter.dropbear.id.au
Debian Developer    |  mailto:eddie@debian.org
                    |  jabber:sam@teknohaus.dyndns.org
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Firewall-troubleshooting
  - From: KC <sedebian@gmail.com>
- Re: Firewall-troubleshooting
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: Firewall-troubleshooting
  - From: KC <sedebian@gmail.com>
- Re: Firewall-troubleshooting
  - From: Daniel Pittman <daniel@rimspace.net>

Prev by Date: Re: Firewall-troubleshooting
Next by Date: Re: Firewall-troubleshooting
Previous by thread: Re: Firewall-troubleshooting
Next by thread: Re: Firewall-troubleshooting
Index(es):
- Date
- Thread