Daniel Pittman <daniel@rimspace.net> wrote:
> Sure, a lot of them suck. In fact, most of them *really* suck, in my
> opinion.
>
> I found that 'firehol' was quite a surprise to me -- not only didn't it
> suck, it actually improved my hand-written firewall somewhat.

Firehol still sucks: It's bash-dependent (no good for OpenWRT), the output script isn't self-contained, and it takes forever to run on a Pentium 166.

That being said, it's still my choice of firewalling tool. Writing firewalls with iptables directly is like programming in assembler - do it once just to learn how to do it and to learn why not to do it.

--
Sam "Eddie" Couter | mailto:sam@couter.dropbear.id.au
Debian Developer | mailto:eddie@debian.org
| jabber:sam@teknohaus.dyndns.org
OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C