Manoj Menon wrote:
> Hi there,
>
> --- sangbsy <[EMAIL PROTECTED]> wrote:
>
>> firewall, I am using these
>> sets of iptables rules shown at the bottom of this
>> message for this
>> particular task.
>
> Might I suggest an alternative?
>
> http://easyfwgen.morizot.net/gen/ or
> http://www.hideaway.net/iptables/ or just google for
> the Easy Firewall Generator.
>

Actually, he's written quite a comprehensive set of iptables rules. I'd prefer a good hand-crafted setup to a generated setup any day of the week!

The burning question is not really "are the rules below any good?", which they are, but more "what are you trying to achieve?"

I hand write all my firewall rules, from simple to in excess of 500 lines. That way I know *exactly* how it works, and the process of writing/debugging means I know my own iptables configuration backwards.

Like every time I reboot my ADSL router I ssh into it and modify the iptables rules, as I don't like the way they set them up. (I only reboot it every 6 months.) I'm working on a firmware upgrade so I don't have to do it manually anyway.

Brad
--
"Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so." -- Douglas Adams
