
Re: who has *arguably* the best iptables firewall script around here?



At 999056559s since epoch (08/28/01 16:42:39 -0400 UTC), thomas anderson wrote:
> 
> If you think you do please tell us why

I do, for one good reason: I *understand* it.

Firewalls are one of those things where you really should have at least some
of an idea of how they work.  Who writes your firewall script doesn't really
matter if you have no idea how it actually works.

Each firewall script is unique and may serve different purposes. For
example, my script is designed for a machine that's sharing a cable modem
connection with other boxes on a private LAN (with bogus IP addresses).
That's useful for me.  However, it doesn't have a DMZ, and it doesn't
forward any ports to the internal machines.

I'm sure others will have other scripts that are good for other things
(single machines with no services; machines that run servers; permissive
firewalls that allow connections to the internal machines; etc).  Pick the
ones you like, study them well, and use them.

I personally read some good tutorials, borrowed a lot of stuff, and crafted
my own to fit my needs.  If you're interested in a
DHCP-cable-NAT-gateway-that-runs-services firewall script, drop me a line.

Jason

--
Jason Healy    |     jhealy@logn.net
LogN Systems   |   http://www.logn.net/


