On Wed, Nov 22, 2006 at 10:27:36PM +0100, Grzegorz wrote:
> Mirto Silvio Busico wrote:
> >Hi all,
> >I have to set up a firewall for a little network.
> >The firewall machine will have multiple ip addresses for a physical lan
> >card (eth0 eth0:1 eth0:2).
> >
> >Looking to the packages (for Etch) I see some firewall; so there is the
> >question:
> > Can anyone recommend to use (or to avoid) any of the following?
> >
> > fireflyer
> > fwbuilder
> > kmyfirewall
> > shorewall
> >
> >Any information will be greatly appreciated.
> >
> >Mirto
> >
> iptables
> (isn't some of the mentioned above firewalls just GUI for iptables?)

I'd call it (shorewall anyway) more of a wrapper than a GUI, but yes. The actual firewall is the kernel and iptables, but shorewall provides a way to configure that.

I seem to recall a thread about this a month or two back, where the position was put forth that the KISS principle would argue for directly using iptables instead of one of the wrappers, since the poster claimed to be able to put up a working firewall in 5 or 6 lines vs 10's or 100's that may result from shorewall.

From my standpoint, I only need to mess with 5 or 6 lines (if that) in shorewall to get a working system, but would need to master a bunch of "fine" manuals to fully understand iptables, so kiSS still has me using shorewall.

Ken

--
Ken Irving, [EMAIL PROTECTED]