
Re: Starting iptables



On Wed, Oct 18, 2006 at 01:32:52PM -0500, cothrige wrote:
> * dtutty@porchlight.ca (dtutty@porchlight.ca) wrote:
> > 
 
> Interesting what you say about ipmasq.  How automatic is it?  I would
> have assumed that it had more to do with making your machine a
> gateway, which mine isn't, than firewalling itself.  I am assuming
> that it does both?  
Yes.
> 
> > The documentation is vast; it's like a book.  You wouldn't buy a big
> > book on network security and open it to the middle and expect to
> > know what was going on.  Start at the beginning and just read it
> > through.  Trust your brain to synthesize and develop a plan for your
> > situation.
> 
> I know what you mean there.  I think it turned out to be something
> like 550 pages, give or take.  And I actually was reading it from the
> beginning, but you can imagine what a task that is just to set up a
> couple of rules.  And I was beginning to think that it was not set up
> to handle a situation as simple as mine.  Of course, I was wrong.
> 
> But, this all begs the question of what Shorewall is really trying to
> do.  I would think that the point of these firewall tools would be to
> get around the rather difficult process of figuring out iptables.
> However, shorewall seems to simply replace the very archaic and tricky
> iptables commands and structure with its own equally difficult
> version.  Why is that exactly?  Couldn't somebody with that kind of
> need simply take the same time and learn the very thing that Shorewall
> is manipulating, i.e. iptables?
> 
If you look at the number of lines of rules you make, and compare it to
the number of lines (pages!) of iptables rules it makes, you see that
shorewall is easier.  Also the syntax is easier.  Changes are far
easier.  Besides, the shorewall book is the best book I've found for
understanding iptables.  

My only beef with shorewall is the length of time it took my poor 486 to
process everything: 2 minutes.

I use ipmasq when I'm building the smallest system I can, only accessing
the internet for email, web browsing, and chrony.  For a full-size
system, I use shorewall.

Doug.
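To make Doug's line-count comparison concrete, here is an added example (not part of the thread, and not Shorewall's or Debian's own code) that prints the same standalone-host policy twice: once in the column layout of a Shorewall 3-era configuration, and once as the raw iptables commands someone would otherwise type by hand. The interface name `eth0`, the single open TCP port (22) and the logging prefix are constructed values; the Shorewall column layout is assumed from the project's "one-interface" sample, and the iptables listing is a minimal hand-written equivalent, not what Shorewall actually generates (its real output adds per-interface chains, reject and logging chains and the `tcpflags`/`nosmurfs` checks, so the gap is larger in practice). Neither function changes the live firewall; they only write text to stdout.

```shell
#!/bin/sh
# Added example: compare a Shorewall-style configuration with the equivalent
# hand-written iptables commands for a single-interface host that forwards
# nothing.  Both functions only print text; nothing here touches netfilter.

# Assumed Shorewall 3-era configuration (column layout follows the project's
# "one-interface" sample; eth0 and port 22 are constructed for the example).
gen_shorewall_config() {
    cat <<'EOF'
# /etc/shorewall/zones
fw      firewall
net     ipv4
# /etc/shorewall/interfaces
net     eth0    detect  dhcp,tcpflags,nosmurfs,routefilter,logmartians
# /etc/shorewall/policy
$FW     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
# /etc/shorewall/rules
Ping(ACCEPT)    net     $FW
ACCEPT          net     $FW     tcp     22
EOF
}

# Minimal hand-written iptables equivalent: default-deny inbound, accept
# replies to our own connections, accept ping, SSH and DHCP replies, log what
# is dropped.  Shorewall's real output is considerably longer than this.
gen_iptables_rules() {
    cat <<'EOF'
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 67 --dport 68 -j ACCEPT
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT:DROP:"
iptables -A INPUT -j DROP
EOF
}

# Count the non-comment, non-empty lines a generator prints.
# $1 is the name of one of the functions above.
count_rule_lines() {
    "$1" | grep -v '^#' | grep -c .
}

# Optional driver: `sh firewall-compare.sh --compare` prints both counts.
case "${1:-}" in
    --compare)
        printf 'shorewall config lines: %s\n' "$(count_rule_lines gen_shorewall_config)"
        printf 'iptables command lines: %s\n' "$(count_rule_lines gen_iptables_rules)"
        ;;
esac
```

Run it with `--compare` to see the two counts side by side (8 Shorewall lines against 13 iptables commands for this tiny policy). If you do want to load the iptables version on a test machine, pipe `gen_iptables_rules` into a root shell and then check the result with `iptables -L INPUT -n -v`; the point of the Shorewall side is that the same intent is stated in fewer, more readable lines, and the generated chain ordering and logging are handled for you.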
