Re: Newbie friendly security and firewall docs (cookbook?)

[Chris Bannister <cbannister@slingshot.co.nz>]

On Wed, Oct 08, 2014 at 05:58:53PM -0400, Steve Litt wrote:
> On Thu, 09 Oct 2014 06:18:09 +1000
> Stuart Longland <stuartl@longlandclan.yi.org> wrote:
> 
> 
> > The hard bit about things like firewalling, is that there is really a
> > minimum technical understanding necessary to do it properly.
> 
> You've got that right. Years ago, I despaired of ever understanding
> iptables, and just put a pf firewall between the LAN and the Internet.
> And although I find pf much more understandable than iptables, pf isn't
> simple either. One of the first things you need to get used to is
> what's "in" and "out". With pf, that's relative to the firewall, not
> the browser. 
> 
> I couldn't imagine making firewalling simple, because there's so much
> it does: Blocking packets, logging, pinholing with port forwarding,
> NAT, and probably another hundred things I don't know about. And all
> sorts of packets.
> 
> If one wants simple firewalling, about the best you can hope for is
> something like pfSense, but that's not all that simple either.

Have a look at shorewall. 

-- 
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the 
oppressing." --- Malcolm X