On Wednesday 09 December 2015 11:56:39 Andrew Savchenko wrote: > ... Also it is much better to write iptables / iproute / > tc rules manually then using high level generators like shorewall — > this will give you a good understanding on what is going on and how > to optimize or tighten your setup.
I don't often disagree with a Gentoo dev, but if I were to attempt this I'd certainly make a hash of it, and we're often told that a badly set up firewall is worse than none. I've been very happy with shorewall for many years and I intend to continue with it. -- Rgds Peter
