Re: some reality about iptables, please
* Steve Lamb (grey@dmiyu.org) wrote:
enough. What isn't it covering? How do I know?)
>
> Uh, by testing? It is far easier to set something up and test it than it
> is to learn the whole freakin' system from scratch. From what I've seen of
> your setup Shorewall would handle it trivially. Define 4 interfaces, define
> policy for those interfaces, define rules for which you need exceptions to
> policy. Done.
>
I beg to differ. When I installed shorewall, it gave some
not-very-comprehensible options, and then did not give me what I
wanted or needed. Nothing was going to get in, but it managed to
prevent me from getting out, mis-assigned the interfaces, and was
generally a PITA. I wiped it, and went back to adapting what I knew
from ipchains. It wasn't easy at first to work directly from
iptables, but once you wrap your head around the concepts, and have a
look at scripts done by other people, it goes fairly well.
Cam
--
Cam Ellison Ph.D. R.Psych.
From Roberts Creek on B.C.'s incomparable Sunshine Coast
cam(at)ellisonet(dot)ca
camellison(at)dccnet(dot)com
cam(at)fleuryassociates(dot)com