In <20091028011429.38cb199f.celejar@gmail.com>, Celejar wrote:
>On Tue, 27 Oct 2009 16:09:11 -0500
>"Boyd Stephen Smith Jr." <bss@iguanasuicide.net> wrote:
>> I can't help you with guarddog. I write my iptables rules by hand so
>> they remain understandable. I can't stand the trash that most
>> iptables rules generators produce. (Shorewall, I'm looking at you.)
>
>Can you elaborate? I've never looked at the actual iptable rules
>generated by Shorewall, but why bother? The configuration files are
>perfectly clear and rational, and I understand exactly what I have
>there.

I disagree on the last point. It could simply be an incompatibility between Shorewall and me. I find the RAW iptables rules clear and rational; I don't see the need to obfuscate them.

Also, it doesn't matter on modern desktops, but my iptables ruleset is significantly smaller than the equivalent Shorewall iptables ruleset. That saves kernel memory (a minuscule amount) and CPU time per packet.

-- 
Boyd Stephen Smith Jr.            ,= ,-_-. =.
bss@iguanasuicide.net            ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy  `-'(. .)`-'
http://iguanasuicide.net/             \_/