On Thu 2007-03-01 16:05:32 -0500 Roberto C. Sanchez wrote: > On Thu, Mar 01, 2007 at 09:45:41PM +0100, Franck Joncourt wrote: > > On Thu, Mar 01, 2007 at 11:56:41AM -0800, Jordi wrote: > > > > > > John, that seems to complicated for me, but seems good as it is a > > > hardware firewall. > > > Roverto, seems you like to do a control of all parameters, you must be > > > an expert. I will try to do as you say, and learn a bit. > > > > Want to set up a firewall ; it is better to know what you do :)! > > I started using iptables first, and now it is quite difficult to change, > > even to try other stuff. So if you want to learn more, take a look at the > > iptables tutorial. However, I should admit it is time consuming. > > Right, like when you want a firewall to manage a half-dozen different > zones on your network, which is connected to several different ISPs, > while performing traffic shaping functions?
If you need to manage a half-dozen zones the chances are that you'll be doing packet filtering on specialized hardware so shorewall will be of no use. On Fri 2007-03-02 04:31:18 -0800 Jordi wrote: > I wonder if shorewall is for me like using a cannon to kill a flea. It probably is. > Having this in mind, do you know a good and simple solution? I will > have much time to learn for future, it is just to have a start point. I recommend http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html written by Rusty Russell, the initial author and one of the current main developers of iptables/netfilter. He shows a simple six line firewall script at http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-5.html. -- David Hart <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
