Which of the firewall packages is closest to building iptables rules by hand?
I, for one, prefer to have just one file that contains the iptables commands to build the firewall. The front-end tools are nice but I feel like they make me learn about how to run their tool instead of how to work with iptables -- an obscuring layer, in effect. It's also easier to understand (for me) when it's a simple hand-edited script that gets run out of init.d and /etc/networking/interfaces.

For example, I use gshield on one machine, which is reasonably basic, but I have not figured out why, when I traceroute out, that machine blocks. gshield has a config file, but I'd rather be trying to edit the basic iptables commands.

I think my firewall needs are reasonably common, too. I need NAT and to allow a few services in and a DMZ. A well-commented iptables script would be fine. I can cut-n-paste some iptables rules to open a new port. But I do need a tool that will set all those default rules for spoofing in invalid IP blocks that are not specific to how my machine is configured.

On my laptop I've been running ipmasq.

--
Bill Moseley [EMAIL PROTECTED]