On Sun, May 04, 2003 at 01:41:49PM +1000, Jonathan Oxer wrote:
> manage a number of firewalls on our network using fwbuilder, and a
> little while ago I printed out the iptables script generated for one of
> them, and the script was 32 pages long. When you've got a network that's
> less trivial than a couple of boxes on a DSL connection, a good GUI can
> help you keep track of what's going where.

On the other hand, it is extremely dangerous to rely on those setups. I also know those boxes. A while back I used to use "fwctl" (maintained by me but ipchains) for the task. The list of rules is similarly long. But fwctl has some problems with special types of rules, ordering als "classes" of objects. If you are not very careful, the rules might not look like you expect. And if you have 32 pages, you can never audit or understand them. I am currently checking fwbuilder for those kinds of problems, will report back. But anyway by all means: KISS.

Greetings
Bernd
--
  (OO)      -- [EMAIL PROTECTED] --
 ( .. )  [EMAIL PROTECTED],linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  [EMAIL PROTECTED]  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

