Robert Spangler wrote:
While IPTABLES might be CHEAP (price) it is a very good firewall.
Learn to set it up from the command line, it isn't that hard.
Try the following to learn it;
http://iptables.rlworkman.net/chunkyhtml/index.html
Forget those GUI interfaces.
one thing that bugs me about most canned iptables rulesets, including
the ones generated by most of those GUI packages, is that they are way
more complex than needed, its like they are trying to reinvent the
entire tcp stack. eg: you really don't need to reject non-SYN packets
on unopened connections, tcp will do that quite nicely on its own and
far more efficiently than a pile of iptables rules.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
