On 2018-02-28 13:28, Jorge Almeida wrote:
> > Is there something besides iptables? It seems to be like
> > systemd/perl/python, continuously expanding its scope. And no, I'm
> > not looking for an "easy-peasy front-end gui" that'll probably pull
> > in 90% of QT as dependencies. I fondly remember IPCHAINS.
>
> shorewall seems to be the most powerful one. Lots of documentation,
> configured via text files. firehol is much simpler to use, but less
> well documented and the mailing list doesn't show much life. None has
> any useless GUI. I find both usable.
>
> I would just use iptables if I were iptables-wise enough.

Isn't iptables (the userspace program) just a very thin wrapper over the
underlying kernel interface (netfilter)? AFAIK there is no other kernel
interface, at least not in stable kernels, so all the other packages just
abstract and simplify it more - I would not consider that reduction of
scope.

I actually like iptables, of course I'll never learn about _all_ its
features, but I've already used some not quite trivial ones.

-- 
Please don't Cc: me privately on mailing lists and Usenet, if you also
post the followup to the list or newsgroup. To reply privately _only_ on
Usenet and on broken lists which rewrite From, fetch the TXT record for
no-use.mooo.com.