Re: IPTables question

To: Erwan David <erwan@rail.eu.org>,debian-user@lists.debian.org
Subject: Re: IPTables question
From: Shawn Wilson <ag4ve.us@gmail.com>
Date: Sun, 10 Nov 2013 06:24:19 -0500
Message-id: <[🔎] 3da3a425-3862-4156-9116-1ebc3d3b3073@email.android.com>
In-reply-to: <[🔎] 527F5A88.80208@rail.eu.org>
References: <[🔎] 527E7517.9070508@uniserve.com> <[🔎] 527E99F5.8070709@meta-dynamic.com> <[🔎] b20675f7-67d9-4942-9dca-de41023367b6@email.android.com> <[🔎] 527F5A88.80208@rail.eu.org>

Erwan David <erwan@rail.eu.org> wrote:
>Le 09/11/2013 23:06, Shawn Wilson a écrit :
>> Redhat has something called firewalld which generates rules based on
>zones. I don't use it because using dbus to help manage rules scares
>me. But it's there and could be what you want. 
>>
>>
>I use fwbuilder which helps to define elaborated rules ;
>there is also shorewall which uses zones, both generates the ryules
>either as shell script or itptables-save/restore configuration.
>Both are available in debian.

Just FYI, a shell script will be slower than iptables-save since the later only makes one call while the former makes one call per ipt command. 

I looked at shorewall and didn't know it had zones - that's cool (since I don't like xml that firewalld uses). I've now got a 2k line perl script that does almost everything we need but I'll take another look at shorewall (for ideas if nothing else).

Reply to:

References:
- IPTables question
  - From: "Bill.M" <bill3@uniserve.com>
- Re: IPTables question
  - From: David F <debian@meta-dynamic.com>
- Re: IPTables question
  - From: Shawn Wilson <ag4ve.us@gmail.com>
- Re: IPTables question
  - From: Erwan David <erwan@rail.eu.org>

Prev by Date: Re: Why Debian
Next by Date: Re: Why Debian
Previous by thread: Re: IPTables question
Next by thread: Re: IPTables question
Index(es):
- Date
- Thread