On Thu, 8 Sep 2005 01:23:26 +0000 (UTC), James wrote:

> > Why not just sit down and read the source?  
> 
> I'm sure that's going to happen too. But having a 
> working machine with iptables/netfilter is like
> having a lab-class to go with the 
> (theory) lecture part of the class, methinks.

So try out some of the standard configurations in Shorewall. Read the
Shorewall scripts to see what they are trying to do, then examine the
iptables rules they create to see how it does it. That gives you exactly
what you were asking for, a set of standard, working iptables rules to
learn from, with no GUI in sight. Shorewall is not an automatic rule
generator like Guarddog, it is more like a compiler, turning your source
rules into iptables rules.

By picking up a bunch of rules from some web site somewhere, you run the
risk of learning from bad rules (like learning HTML by picking apart web
sites). If a well-known and well-used program like Shorewall generated
bad rules, they'd be picked up immediately.


-- 
Neil Bothwick

ASSISTANT MANAGER: Feminine form of the word manager (q.v.).
