Daniel Pittman <[EMAIL PROTECTED]> wrote: > Sure, a lot of them suck. In fact, most of them *really* suck, in my > opinion. > > I found that 'firehol' was quite a surprise to me -- not only didn't it > suck, it actually improved my hand-written firewall somewhat.
Firehol still sucks: It's bash-dependant (no good for OpenWRT), the output script isn't self-contained, and it takes forever to run on a Pentium 166. That being said, it's still my choice of firewalling tool. Writing firewalls with iptables directly is like programming in assembler - do it once just to learn how to do it and to learn why not to do it. -- Sam "Eddie" Couter | mailto:[EMAIL PROTECTED] Debian Developer | mailto:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
signature.asc
Description: Digital signature
