Re: Starting iptables



* dtutty@xxxxxxxxxxxxx (dtutty@xxxxxxxxxxxxx) wrote:

> As I see it, you have two choices. If you just want something that
> should do what you want and don't want to have to set anything up, just
> install ipmasq. It determines what the untrusted network is by where
> the default route or gateway points; it's automatic. If you want the
> tightest firewall with only the ports you want open, then go with
> shorewall.

Interesting what you say about ipmasq. How automatic is it? I would
have assumed that it had more to do with making your machine a
gateway, which mine isn't, than firewalling itself. I am assuming
that it does both?

> The documentation is vast; it's like a book. You wouldn't buy a big book
> on network security and open it to the middle and expect to know what
> was going on. Start at the beginning and just read it through. Trust
> your brain to synthesize and develop a plan for your situation.

I know what you mean there. I think it turned out to be something
like 550 pages, give or take. And I actually was reading it from the
beginning, but you can imagine what a task that is just to set up a
couple of rules. And I was beginning to think that it was not set up
to handle a situation as simple as mine. Of course, I was wrong.

But, this all begs the question of what Shorewall is really trying to
do. I would think that the point of these firewall tools would be to
get around the rather difficult process of figuring out iptables.
However, shorewall seems to simply replace the very archaic and tricky
iptables commands and structure with its own equally difficult
version. Why is that exactly? Couldn't somebody with that kind of
need simply take the same time and learn the very thing that Shorewall
is manipulating, i.e. iptables?

Patrick

