
Re: Firestarter VS Shorewall



On Thu 2007-03-01 16:05:32 -0500 Roberto C. Sanchez wrote:
> On Thu, Mar 01, 2007 at 09:45:41PM +0100, Franck Joncourt wrote:
> > On Thu, Mar 01, 2007 at 11:56:41AM -0800, Jordi wrote:
> > > 
> > > John, that seems too complicated for me, but seems good as it is a
> > > hardware firewall.
> > > Roberto, seems you like to do a control of all parameters, you must be
> > > an expert. I will try to do as you say, and learn a bit.
> > 
> > Want to set up a firewall; it is better to know what you do :)!
> > I started using iptables first, and now it is quite difficult to change,
> > even to try other stuff. So if you want to learn more, take a look at the
> > iptables tutorial. However, I should admit it is time consuming.
> 
> Right, like when you want a firewall to manage a half-dozen different
> zones on your network, which is connected to several different ISPs,
> while performing traffic shaping functions?

If you need to manage a half-dozen zones the chances are that you'll
be doing packet filtering on specialized hardware so shorewall will
be of no use.


On Fri 2007-03-02 04:31:18 -0800 Jordi wrote:
 
> I wonder if shorewall is for me like using a cannon to kill a flea.

It probably is.
 
> Having this in mind, do you know a good and simple solution? I will
> have much time to learn for future, it is just to have a start point.

I recommend
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
written by Rusty Russell, the initial author and one of the current main
developers of iptables/netfilter.

He shows a simple six line firewall script at
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-5.html.

-- 
David Hart <debian@tonix.org>


