* Douglas A. Tutty <dtutty@porchlight.ca> [2007-11-21 08:32:41 -0500]: > You could look at shorewall. It has a great set of docs in > shorewall-doc. Yes, it does. I use it at three systems on dedicated firewall boxes. Hadn't thought about using it in a laptop environment. > > Your laptop has three potential interfaces: eth(cable), eth(wireless) > and ppp. Do the two eth end up with different unit numbers? They do. > From a firewall perspective, does it matter if at any > given time you're using a particular interface? Assuming that you're > not forwarding, although perhaps the Nat config will change. > > You could create a set of config files for each setup and write a script > that copies the correct set to /etc/shorewall then restarts shorewall. > Have the script start when an interface goes up. That's a darned good idea. For hotels and such, I could start the interface with some fairly stout (read paranoid) settings as well. Any others out there? Regards, Klein
Attachment:
signature.asc
Description: Digital signature