Sam Halliday wrote: > Paul Gear wrote: > >>Sam Halliday wrote: >> >>>... >>> >>>>Debian supports shorewall, a great iptables preprocessor - get a recent >>>>version from backports.org, and you're laughin'! >>> >>> >>>cheers... but i do not need a way to generate rules; i already know >>>how to do that. i just want to know if there is a standardised debian >>>way of loading up a firewall on startup... like a file i need to dump >>>my (customised) `iptables-save` output into. else i will just write >>>my own initscript. >> >>I know how to do it as well, but i don't because shorewall saves a lot >>of time and effort, and protects you from typos. > > > /me does `apt-get install shorewall` and to hell with figuring out the proper way :-)
<g> Indeed! I learned iptables when i first converted my 900+ line ipchains script into iptables (that alone cut the script by about 300 lines), then i went from that to about 50 lines of shorewall config. I've never touched iptables since, except to troubleshoot or add a temporary rule on a particularly slow machine. Of course, my config is a lot bigger now... :-) -- Paul <http://paulgear.webhop.net> -- Did you know? Using HTML email (or "Rich Text" email) rather than plain text is less efficient, and makes you more vulnerable to security flaws in your computer software. Learn more about securing your computer at <http://www.kb.cert.org/vuls/id/713878>.
signature.asc
Description: OpenPGP digital signature