Re: Newbie friendly security and firewall docs (cookbook?)

[Steve Litt <slitt@troubleshooters.com>]

On Thu, 09 Oct 2014 06:18:09 +1000
Stuart Longland <stuartl@longlandclan.yi.org> wrote:


> The hard bit about things like firewalling, is that there is really a
> minimum technical understanding necessary to do it properly.

You've got that right. Years ago, I despaired of ever understanding
iptables, and just put a pf firewall between the LAN and the Internet.
And although I find pf much more understandable than iptables, pf isn't
simple either. One of the first things you need to get used to is
what's "in" and "out". With pf, that's relative to the firewall, not
the browser. 

I couldn't imagine making firewalling simple, because there's so much
it does: Blocking packets, logging, pinholing with port forwarding,
NAT, and probably another hundred things I don't know about. And all
sorts of packets.

If one wants simple firewalling, about the best you can hope for is
something like pfSense, but that's not all that simple either.

SteveT

Steve Litt                *  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance