On Sun, Aug 01, 2004 at 04:14:48AM +0100, Sam Halliday wrote: > Sam Halliday wrote: > > Paul Gear wrote: > > > Sam Halliday wrote: > > > > ... > > > >>Debian supports shorewall, a great iptables preprocessor - get a > > > >recent>version from backports.org, and you're laughin'! > > > > > > > > > > > > cheers... but i do not need a way to generate rules; i already know > > > > how to do that. i just want to know if there is a standardised debian > > > > way of loading up a firewall on startup... like a file i need to dump > > > > my (customised) `iptables-save` output into. else i will just write > > > > my own initscript. > > > > > > I know how to do it as well, but i don't because shorewall saves a lot > > > of time and effort, and protects you from typos. > > > > /me does `apt-get install shorewall` and to hell with figuring out the > > proper way :-) > > hmm, its actually more effort to learn this shorewall thing than just > make my own initscript... > > thanks anyway
Think differently. It is a learning vehcle. If you are good at writing customized script, you may want to compaire with the ones created with some of these prepackaged firewall script results. running 3 commands: iptable -v -L -n -t filter iptable -v -L -n -t nat iptable -v -L -n -t mangle will teach you many tricks :) I maintain the debian "ipmasq" package which is not really a full firewall script as is but is a frame work to build your own. Really, I am amazed how it grew to cope with all weired network configuration beyond my own needs. FYI: popularity [*] ipmasq: 272 vote=180 shorewall: 237 vote=124 Both are not bad for such a niche program. Osamu [*] http://qa.debian.org/developer.php?popcon=ipmasq http://qa.debian.org/developer.php?popcon=shorewall
signature.asc
Description: Digital signature
