Re: Firestarter VS Shorewall
On Thu 2007-03-01 16:05:32 -0500 Roberto C. Sanchez wrote:
> On Thu, Mar 01, 2007 at 09:45:41PM +0100, Franck Joncourt wrote:
> > On Thu, Mar 01, 2007 at 11:56:41AM -0800, Jordi wrote:
> > >
> > > John, that seems too complicated for me, but seems good as it is a
> > > hardware firewall.
> > > Roberto, seems you like to do a control of all parameters, you must be
> > > an expert. I will try to do as you say, and learn a bit.
> >
> > Want to set up a firewall; it is better to know what you do :)!
> > I started using iptables first, and now it is quite difficult to change,
> > even to try other stuff. So if you want to learn more, take a look at the
> > iptables tutorial. However, I should admit it is time consuming.
>
> Right, like when you want a firewall to manage a half-dozen different
> zones on your network, which is connected to several different ISPs,
> while performing traffic shaping functions?
If you need to manage a half-dozen zones the chances are that you'll
be doing packet filtering on specialized hardware so shorewall will
be of no use.
On Fri 2007-03-02 04:31:18 -0800 Jordi wrote:
> I wonder if shorewall is for me like using a cannon to kill a flea.
It probably is.
> Having this in mind, do you know a good and simple solution? I will
> have much time to learn for future, it is just to have a start point.
I recommend
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
written by Rusty Russell, the initial author and one of the current main
developers of iptables/netfilter.
He shows a simple six line firewall script at
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-5.html.
--
David Hart <debian@tonix.org>