2012/1/20 Kenyon Ralph <[email protected]>: > On 2012-01-20T00:13:37+0100, Arturo Borrero Gonzalez <[email protected]> > wrote: >> I've been working on a debian package with a basic iptables-based >> firewall system. >> >> >> I read some info regarding debian and firewalling here: >> >> http://wiki.debian.org/DebianFirewall >> http://wiki.debian.org/Firewalls >> http://wiki.debian.org/iptables >> > [...] >> I see this basic approach a nice way to include a firewall as a >> service in the system. No one of the packages listed in the debian >> wiki seems to only deploy a structure where the system admin can build >> his own firewall. This package just try to do that. > > The iptables-persistent package is missing from those wiki pages. I > haven't tried it, but it may be worth looking at. > > Maybe you could just install iptables-persistent and distribute the > iptables rules that you want, using puppet for example (of course, if > you're using puppet you would automate the installation of the package > too). Or, you could build your own local version of the package with > the default configuration you want. > > -- > Kenyon Ralph
Hi there. You are rigth. The package "iptables-persistent" has the same objetives than mine. But there are still some differences between that package and mine, such as: · Low functionality init.d script. The script can't even stop the firewall. In fact, the package just does what they told: Descripción: Simple package to set up iptables on boot This package contains just a system startup script that restores iptables rules from a configuration file. · My init.d script could stop the firewall, restart it, change quickly the default policy, flush iptables rules without flushing nat ones (very useful in some environments), change the ip_forwarding kernel keys if the machine I think acme-firewall is a better service aproach. Best regards. -- /* Arturo Borrero Gonzalez || [email protected] */ /* Use debian gnu/linux! Best OS ever! */ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CAPfcJat225gQn9Tc=bxciakophj-yw_cekbzkbsjbwbhu0g...@mail.gmail.com
