Oded Arbel wrote:
On Tue, 2007-07-03 at 21:16 +1000, Amos Shapira wrote:
I think this is really bad. The only good thing in the above document
is that one of the tools suggested in the first section is shorewall which is
a brilliant firewall management script and ever since I started working
with it (several years back) I never recommend people to use anything
else - but it receives equal exposure as KNetFilter and bastille - which
is not very encouraging.
I can second Oded's recommendation for Shorewall. Once you get your head
around how it works - which isn't hard - it's a breeze to set up and
maintain iptables rules.
THere's even a "try" option which allows you to restart iptables reading
all configs from a separate subdirectory for testing. So it's quite easy
and safe (no messing with working scripts) to test new rules.
Micha
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Arava Development Co, Sapir, Israel
tel: +972(8)-6592270
cell: +972(52)-3665918
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
