On Thu, 11 Sep 2003 14:05:15 +0100 (BST) "MooktaKiNG" <[EMAIL PROTECTED]> wrote:
> One more for shorewall :-D > I've been using it for a while now. IPtables is just too complicated, > and my server too mission critical. So using shorewall was the logical > step :) > > > > On Thu, Sep 11, 2003 at 05:41:40AM -0700, Joshua Banks wrote: > >> I agree with Gabriel, > >> > >> I use Shorewall myself and have for sometime before I started > >running> Gentoo. Very robost, great > >> web site with awesome examples and FAQ's, and a great mailing list. > > > > I'll add a vote for shorewall. > > > > If you really have a need to understand the low-level details of > > managing iptables, then you might not want shorewall. But shorewall > > lets you work at a higher level of abstraction - designing zones and > > policies, rather that dealing with low-level details. In most > > software development circles, abstraction is considered A Good Thing > > :-). > > All I can add is ditto; Shorewall is great. I might add, I'm using it with the 2.6 kernels (now on -test5). It provides very meaningful log messages (/var/log/messages unless you alter your syslog setup). After my initial setup, I discovered that my default setup was rejecting samba traffic from my lan, and that was trivial to fix. -- Collins Richey - Denver Area if you fill your heart with regrets of yesterday and the worries of tomorrow, you have no today to be thankful for. -- [EMAIL PROTECTED] mailing list
