On Friday 31 December 2004 10:54, Bill Moseley wrote:
> Which of the firewall packages is closest to building iptables rules
> by hand?
>
> I, for one, prefer to have just one file that contains the iptables
> commands to build the firewall. The front-end tools are nice but I

That's exactly what you get with Guidedog. It creates a single script that will run on both ipchains and iptables, so it's at least twice the size it really needs to be, but once you've set up the script you could never bother to use Guidedog again, if that's what turns your crank.

It's not reflexive though - I don't know of a firewall tool that can take a firewall script as _input_, so once you modify the script, you can't use the GUI tool any more without losing the hand-edited changes. If anyone does know such a tool I'd be willing to give it a try.

> feel like they make me learn about how to run their tool instead of
> how to work with iptables -- an obscuring layer, in effect. It's also
> easier to understand (for me) when it's a simple hand-edited script
> that gets run out of init.d and /etc/networking/interfaces.

Well, ipchains was obscure enough. Iptables is even more so. I can't really see a good GUI being an "obscuring layer".

--
derek