[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewall-troubleshooting

Daniel Pittman <daniel@rimspace.net> wrote:
> Sure, a lot of them suck.  In fact, most of them *really* suck, in my
> opinion.  
> I found that 'firehol' was quite a surprise to me -- not only didn't it
> suck, it actually improved my hand-written firewall somewhat.  

Firehol still sucks: It's bash-dependant (no good for OpenWRT), the
output script isn't self-contained, and it takes forever to run on a
Pentium 166.

That being said, it's still my choice of firewalling tool. Writing
firewalls with iptables directly is like programming in assembler - do
it once just to learn how to do it and to learn why not to do it.
Sam "Eddie" Couter  |  mailto:sam@couter.dropbear.id.au
Debian Developer    |  mailto:eddie@debian.org
                    |  jabber:sam@teknohaus.dyndns.org
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C

Attachment: signature.asc
Description: Digital signature

Reply to: