
Re: Starting iptables



On Wed, Oct 18, 2006 at 09:06:10AM -0500, cothrige wrote:
> * Kevin Mark (kevin.mark@verizon.net) wrote:
> > > 
> > Hi Patrick,
> > most folks just run 'shorewall'! And you can add more rules if you need
> > to.
> > =Kev
> 
> This does seem to be the consensus here.  However, as I have never
> used this tool it is a bit intimidating.  And the documentation is so
> vast it may be a bit of an overkill for my very simple purposes.  You
> see, I have only one NIC which is connected to a Linksys router, which
> in turn is connected to the modem.  My modem does its own firewalling,
> but I cannot bring myself to rely entirely on it, and always set up my
> own as well.  But, because I have only one NIC I can never quite
> figure out what to do with loc in the zones, which in the
> documentation and such is always eth1, which I don't have.  Should I
> not have a loc zone?  Or do I just have eth0 for both net and loc?
> 
Under shorewall, you would not have a loc since you don't have a local
network.  You would only have 'fw', your one-and-only box is the
firewall.

As I see it, you have two choices.  If you just want something that
should do what you want and don't want to have to set anything up, just
install ipmasq.  It determines what the untrusted network is by where
the default route or gateway points; it's automatic.  If you want the
tightest firewall with only the ports you want open, then go with
shorewall.

The documentation is vast; it's like a book.  You wouldn't buy a big book
on network security and open it to the middle and expect to know what
was going on.  Start at the beginning and just read it through.  Trust
your brain to synthesize and develop a plan for your situation.

Doug.
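Doug's answer above amounts to a two-zone shorewall setup: the box itself is `fw`, the untrusted side is `net`, and both sit on the single interface. The following four configuration files are an added illustration of that layout and are not part of the original thread or of shorewall's own shipped examples. The interface name eth0, the use of DHCP on it, the choice of TCP port 22 as the only service exposed to the network, and the `info` log level are assumptions; the file layout follows the `/etc/shorewall/` conventions of the shorewall 3.x series that was current when this message was written.

```text
# /etc/shorewall/zones
# Only two zones: the firewall box itself and the untrusted network.
# There is no 'loc' zone because there is no second NIC and no LAN behind it.
#ZONE   TYPE      OPTIONS
fw      firewall
net     ipv4

# /etc/shorewall/interfaces
# The one and only NIC belongs to the net zone. 'dhcp' keeps DHCP traffic
# to/from the router working; 'tcpflags' and 'nosmurfs' drop malformed
# packets before any rule is consulted. (eth0 and dhcp are assumptions.)
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,nosmurfs

# /etc/shorewall/policy
# Default posture: this host may talk out, nothing may talk in, and anything
# not matched by a rule is dropped and logged at level 'info' (assumed).
# Order matters: the first matching line wins.
#SOURCE   DEST   POLICY   LOG LEVEL
$FW       net    ACCEPT
net       all    DROP     info
all       all    REJECT   info

# /etc/shorewall/rules
# Exceptions to the policies. Only SSH from the network to the box is opened
# here (port 22 is an assumption); add one line per service you actually run.
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
ACCEPT    net      $FW    tcp     22
# Allow the box to be pinged, which makes troubleshooting the router link easier.
Ping/ACCEPT  net   $FW
```

Before starting the firewall, `shorewall check` compiles the files and reports syntax problems without touching the running rule set; `shorewall start` then installs the rules, and `shorewall show` prints the resulting iptables chains so you can confirm that only port 22 is reachable from `net`. Because the router already filters inbound traffic, the `net all DROP info` line is mostly a second line of defence; the log entries it produces are a cheap way to notice if the router's own filtering ever changes.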


