I'm surprised to notice that you didn't succeed in configuring Shorewall. It's really a piece of cake. Maybe the problem is that the firewall approach is a bit different and has several (more logical, if you ask me) configuration files ...
>[EMAIL PROTECTED] (Chuck Shirley) writes: > Hello Cookers! > > First, this is not a plea to have the Bastille packages re- > integrated with cooker. I'm sure that the Mangagement was very > careful in their decision to drop Bastille in favour of Shorewall, > and I won't whine about it, but for folks like me who are too > busy with other things to become grandmasters of IPCHAINS, > Bastille was very nice. (Besides, if I were a master of IPCHAINS, > I wouldn't even need shorewall, would I? I could just forge out > all my own rules by hand and keep them in a text file to feed into > the chain-locker at boot-time...) > > After concussing myself for several weeks now trying to figure out > how to make shorewall play nice, unsuccessfully, I found that the > rpmfind.net repository still has the last released Mandrake-cooker > versions of the Bastille packages (Bastille-1.3.0-3mdk.noarch.rpm > and the UI modules (Bastille-Tk-module-1.3.0-3mdk.noarch.rpm and > Bastille-Curses-module-1.3.0-3mdk.noarch.rpm) Even better, they > still work, so one can install them on a current cooker, and then > run InteractiveBastille to configure their iptables or ipchains > firewall, (and all the other stuff that it lets you do, if you are > so inclined) > > Furthermore, There are packages for the new Bastille-2.0 version, > but they are not Mandrake specified, though the description page > indicates that it will work on a Mandrake system. I was too > agitated by fighting with all the other network problems I was > having after the last cooker updates I did (NAT was inoperative, > and I couldn't even resolve names on the machine with the direct > connection to the network!) to feel like testing a new version, > but it is there for those who are interested. I still think it is > unfortunate that Bastille has been dropped from the package > line-up. It was very nice for those of us who want a safe > machine, but who are not TCP/IP ninjas, as seems to be required to > configure shorewall. > > With best regards, > Chuck Shirley -- Florin http://www.mandrakesoft.com http://people.mandrakesoft.com/~florin/
