Dave Nebinger <dnebinger <at> joat.com> writes:
> Up to now I haven't really wanted to have someone bounced from the list; but
> your lack of sensitivity and generally insulting manners make you the first
> obvious candidate for such a bouncing.

Ok your call, let me know.....

> Why do you think that iptables/netfilter is exclusive to gentoo? It is a
> general linux question; iptables is not a product of gentoo.

Agreed. I never stated it was, just asked on this list for information and help, repeatedly, about iptables/netfilter. I have clearly and repeatedly articulated the fact that shorewall, and other applications, are not useful to me unless they render a ruleset that can be manipulated manually. So a tool that I can mix and match with command line access to iptables/netfilter would be acceptable. However, there seems to be some confusion about whether shorewall et al. actually can work in this capacity. The last thing I want is another layer. A tool/scripts/gui that is 100% compatible with command line manipulations and testing of rulesets is OK. Any guidance you can provide here is appreciated.

> There are no such published, shared rule sets because each site has its own
> security requirements and places different priorities upon the rules. Some
> will prioritize the connection tracking rules above the service rules (to
> optimize outbound active connections over new service connections) whilst
> others will prioritize them in the opposite direction. And the services
> themselves can be prioritized differently.
>

OK, but published examples would be nice, even if they require changes.

> If you really want the down and dirty on iptables, go out and buy "Linux
> Firewalls" by Ziegler and Constantine. It describes every nook and cranny
> of iptables. Great reference.

The third edition was just published in September 05. I've pre-ordered one....

> In the meantime, welcome to my kill file.

OK, whatever this means....

Sorry to offend, but I did not like having Shorewall or anything else shoved down my throat. The title of the email was and is 'iptables example on Gentoo'. It's a shame we had to get so heated before folks actually started talking about iptables/netfilter, and not some intermediary....

James

--
gentoo-user@gentoo.org mailing list