Re: Laptop Firewalling
On Wed, Nov 21, 2007 at 01:49:15PM +0700, Klein Moebius wrote:
> Being on the road a lot with my trusted lappy, I'd like to get
> suggestions on the best solution for an iptables based firewall that
> needs to be easily reconfigurable for wireless, ethernet cable, and ppp.
> I should be able to apply rules on the fly using tools such as wireshark
> to identify mac address exclusions, etc, and hopefully would be ipv6
> capable. Any ideas?
You could look at shorewall. It has a great set of docs in
shorewall-doc.

Your laptop has three potential interfaces: eth(cable), eth(wireless)
and ppp. Do the two eth end up with different unit numbers? (I've never
used wireless). From a firewall perspective, does it matter if at any
given time you're using a particular interface? Assuming that you're
not forwarding, although perhaps the NAT config will change.

You could create a set of config files for each setup and write a script
that copies the correct set to /etc/shorewall then restarts shorewall.
Have the script start when an interface goes up.
Doug.
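
The copy-and-restart script suggested in the message above, as an added example that is not part of the original message: it installs the config set named after the interface that came up, and additionally runs `shorewall check` on that set first so a broken set never replaces a working one. The directory /etc/shorewall-profiles, the one-directory-per-interface layout, and running it from /etc/network/if-up.d/ (where ifupdown sets IFACE) are assumptions.

```shell
#!/bin/sh
# Added example: switch Shorewall config sets when an interface comes up.
# Assumed layout (hypothetical): one directory per interface name, e.g.
#   /etc/shorewall-profiles/eth0, /etc/shorewall-profiles/eth1,
#   /etc/shorewall-profiles/ppp0
PROFILE_ROOT="${PROFILE_ROOT:-/etc/shorewall-profiles}"
TARGET_DIR="${TARGET_DIR:-/etc/shorewall}"
SHOREWALL="${SHOREWALL:-shorewall}"

# apply_profile IFACE
# Return codes: 0 applied, 2 no profile for this interface (nothing changed),
#               3 profile failed validation (nothing changed),
#               4 copy failed, 5 restart failed.
apply_profile() {
    iface="$1"
    src="$PROFILE_ROOT/$iface"

    # Ignore loopback and refuse names that could escape PROFILE_ROOT.
    case "$iface" in
        ''|lo|*/*|.*) return 2 ;;
    esac
    [ -d "$src" ] || return 2

    # Validate the candidate set before touching the live configuration,
    # so a typo in one profile cannot leave the laptop without a firewall.
    "$SHOREWALL" check "$src" >/dev/null 2>&1 || return 3

    # Copy the set into place, then restart as the message describes.
    cp -p "$src"/* "$TARGET_DIR"/ || return 4
    "$SHOREWALL" restart >/dev/null 2>&1 || return 5
    return 0
}

# ifupdown exports IFACE to hook scripts; do nothing when it is unset.
if [ -n "${IFACE:-}" ]; then
    apply_profile "$IFACE"
fi
```

Files that exist only in the previously installed set are left in /etc/shorewall, so every set should contain the same file names.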