On Tue, 1 Jan 2002, mulix wrote:

> On Tue, 1 Jan 2002, Tzafrir Cohen wrote:
>
> > I want to convert my firewall from kernel 2.2 to kernel 2.4. I believe
> > that 2.4 is by now stable enough.
>
> make sure to go straight to 2.4.17. pretty much every other version had
> known problems.

Which means I have to wait until 2.4.18, because 2.4.17's problems are
currently yet unknown ;-)

Speaking about that: the latest kernel source from Mandrake cooker
(kernel-source-2.4.16.11mdk-1-1mdk) fails to compile for me, with some
error in loop.c

> > My main limitation with this system is that I would like to minimize the
> > console time spent near it. Furthermore, I don't have much of a testing
> > environment, so I would like to start with a script that is generally known
> > to work, and has all the major features that I need.
> >
> > When browsing over project lists in freshmeat I can see feature lists, but
> > stability is not something apparent from there.
>
> most such scripts simply call iptables. where does stability come into
> play?
>
> > I would also prefer a system that does some sanity-checking to the rules
> > before applying them (to minimize the chance of locking myself out because
> > of a simple typo).

To answer the previous question: If I have to edit the script for every
configuration change (e.g.: open/close a port) then I run into a risk of
creating a syntax error that will leave the system in a "half-configured"
situation (think of an extra "'").

Ditto if the script has a separate config file, but sources it, rather than
parsing it.

> > Major features that I need:
> >
> > * NAT
>
> check
>
> > * DMZ
>
> donno
>
> > * Forwarding of internal ports
>
> check.
>
> > Any recommendations?
>
> i use a heavily modified version of monmotha's firewall. it's easy to
> understand and modify, and does the job for my lan.
> http://monmotha.mplug.org/firewall/index.php

I'll have a look.

Though this seems to lack the "start" and "stop" commands of a standard
sysv-init script.
Thanks

--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
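The concern raised in the message above (a stray quote in an edited or sourced firewall script leaving the rules half-applied) can be addressed by parsing the port list as data and building the whole ruleset before anything is loaded. The following is an added example, not code from the thread or from monmotha's firewall; the config format (`open tcp 22`) and the function name `build_ruleset` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Config format and names are assumptions.
# Each config line is data: "open <tcp|udp> <port>". The file is never sourced.

# build_ruleset FILE: print an iptables-restore ruleset on stdout.
# On any invalid line, print nothing on stdout and return 1.
build_ruleset() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    rules="" lineno=0 errors=0
    while read -r action proto port junk || [ -n "$action" ]; do
        lineno=$((lineno + 1))
        case $action in ''|'#'*) continue ;; esac   # blank line or comment
        ok=1
        [ "$action" = open ] && [ -z "$junk" ] || ok=0
        case $proto in tcp|udp) ;; *) ok=0 ;; esac
        # Digits only, no leading zero; a stray quote fails here.
        case $port in ''|0*|*[!0-9]*) ok=0 ;; esac
        if [ "$ok" = 1 ] && [ "${#port}" -le 5 ] && [ "$port" -le 65535 ]; then
            rules="$rules-A INPUT -p $proto --dport $port -j ACCEPT
"
        else
            echo "line $lineno rejected: $action $proto $port $junk" >&2
            errors=$((errors + 1))
        fi
    done < "$1"
    # Emit only when the whole file validated, so a typo changes nothing.
    [ "$errors" -eq 0 ] || return 1
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%sCOMMIT\n' "$rules"
}

# Constructed sample configs: one valid, one with the stray-quote typo.
tmp=$(mktemp -d)
printf 'open tcp 22\nopen udp 53\n' > "$tmp/good.conf"
printf "open tcp 22\nopen tcp 80'\n" > "$tmp/typo.conf"
build_ruleset "$tmp/good.conf"
build_ruleset "$tmp/typo.conf" || echo "typo.conf rejected, no rules emitted" >&2
rm -rf "$tmp"
```

The output can be checked with `iptables-restore --test` and then loaded with `iptables-restore`, which commits each table as a whole instead of rule by rule.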