On Sat, Mar 03, 2007 at 08:08:36AM +0000, David Hart wrote:
> On Thu 2007-03-01 16:05:32 -0500 Roberto C. Sanchez wrote:
> > On Thu, Mar 01, 2007 at 09:45:41PM +0100, Franck Joncourt wrote:
> > > On Thu, Mar 01, 2007 at 11:56:41AM -0800, Jordi wrote:
> > > >
> > > > John, that seems too complicated for me, but seems good as it is a
> > > > hardware firewall.
> > > > Roberto, seems you like to do a control of all parameters, you must be
> > > > an expert. I will try to do as you say, and learn a bit.
> > >
> > > Want to set up a firewall ; it is better to know what you do :)!
> > > I started using iptables first, and now it is quite difficult to change,
> > > even to try other stuff. So if you want to learn more, take a look at the
> > > iptables tutorial. However, I should admit it is time consuming.
> >
> > Right, like when you want a firewall to manage a half-dozen different
> > zones on your network, which is connected to several different ISPs,
> > while performing traffic shaping functions?
>
> If you need to manage a half-dozen zones the chances are that you'll
> be doing packet filtering on specialized hardware so shorewall will
> be of no use.
>
I have never said using iptables was the best solution, however, I think
the understanding of netfilter/iptables might help. It is up to everyone
to choose whether they want to get a better understanding of what they are
doing, or not. He may not need to bother with all that. Anyway, iptables,
fwbuilder, shorewall and others have their own advantages and drawbacks.

>
> > Having this in mind, do you know a good and simple solution? I will
> > have much time to learn for future, it is just to have a start point.
>
> I recommend
> http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
> written by Rusty Russell, the initial author and one of the current main
> developers of iptables/netfilter.
>
> He shows a simple six line firewall script at
> http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-5.html.

Here is the link I use where you can get pretty useful information (for
the future maybe 8)! ), as well :

- protocol description
- connection tracking
- iptables itself

http://iptables-tutorial.frozentux.net/iptables-tutorial.html

There are some examples too.

-- 
Franck Joncourt
http://www.debian.org
http://smhteam.info/wiki/
GPG server : pgpkeys.mit.edu
Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE