On December 28, 2003 07:55 pm, Daniel Pittman wrote:
> On Fri, 26 Dec 2003, Derek Broughton wrote:
>
> > For instance, I completely trust everything on my SOHO network, but
> > don't trust my connection to the internet. I don't trust anything but
> > my desktop machine on the client's network, but I _do_ trust their own
> > internet firewall. So it's often important to be able to detect
> > details of the connection.
>
> While I agree with this, I don't think that the best location to perform
> this detection is as part of the firewall package itself.

Right, but some of the firewall builders one might find adequate for a fixed-location system don't react very well to having an interface (or even different network interfaces) that may come up with different IPs depending on where you are. So I think the choice of a firewall package for a laptop is slightly more limited than for a desktop machine.

> Firehol adds a lot of custom commands to bash, making firewall setup
> trivial, but is still a shell script under it all. So, you can use that
> to conditionally execute firewall code.
>
> Thanks for the feedback, though, and I will try to remember your point
> about complexity of rule setup in future.

And I will check out firehol :-) I'm using Guarddog these days, and it's working fairly well, but it's the first package I've found adequate for my laptop.

-- 
derek
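
An added example, not part of the thread and not code from firehol or Guarddog: one way a shell-based firewall script could detect which network a laptop has joined and pick a trust profile before any rules are loaded. The subnets, gateway MAC addresses and profile names are constructed assumptions; the gateway MAC is checked as well because the address alone is handed out by whatever network you connect to, and anything unrecognised falls back to `untrusted`.

```shell
#!/bin/sh
# Constructed sample table (assumptions): CIDR, expected gateway MAC, profile.
PROFILES='192.168.1.0/24 00:11:22:33:44:55 home
10.20.0.0/16 66:77:88:99:aa:bb client'

# Convert a dotted-quad IPv4 address to an integer.
# Always called via $(...), so the IFS change stays in that subshell.
ip_to_int() {
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if address $1 lies inside CIDR block $2.
in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# Print the trust profile for interface address $1 and gateway MAC $2.
# Both the subnet and the gateway MAC must match a known row;
# otherwise the result is "untrusted" (fail closed).
classify_network() {
    result=untrusted
    while read -r cidr mac profile; do
        if in_cidr "$1" "$cidr" && [ "$2" = "$mac" ]; then
            result=$profile
            break
        fi
    done <<EOF
$PROFILES
EOF
    echo "$result"
}

# Stand-alone use: ./classify.sh <interface-address> <gateway-mac>
if [ $# -eq 2 ]; then
    classify_network "$1" "$2"
fi
```

The printed profile name can then drive a `case` statement that selects which block of rules the script applies.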