For those of you using Gentoo (or Linux in general) as your firewall, gateway and/or NAT box, I was curious as to how you went about setting up Netfilter/iptables.

I'm currently using OpenBSD for this role, in part because I wanted another system to tinker with, but also because I find its firewall system a bit easier to set up and configure (than iptables). Now I barely have time to tinker with my Gentoo box, let alone OpenBSD. So I'd kind of like to migrate the OpenBSD box to Gentoo. The most important thing, though, is to make sure I can get a good firewall up.

I've played with iptables in the past, but felt a bit overwhelmed. To me it seems that there should be a "standard" iptables script for the scenario where the Linux box connects to the Internet via DSL or cable modem and performs NAT, firewall and gateway duties for an internal (private) LAN---I'm assuming this is an extremely common situation. With that in mind, I'm just curious as to how folks have gone about implementing their iptables-based firewall.

I did a bit of snooping around the Gentoo forums, and came up with a few promising links: Projectfiles.com [1] has a pre-written iptables script. It has a handful of endorsements on the forums, but its length (and assumed complexity) makes me sheepish. The Gentoo Linux Security Guide [2] also has some information on setting up iptables as well as a sample script [3]. Finally, many folks recommend Shorewall [4], which apparently is a higher-level Netfilter configuration tool.

I haven't studied any of the above links in any detail yet, but thought they'd make a good starting point for discussion.

Thanks for your thoughts and feedback!

Matt

[1] http://projectfiles.com/firewall/
[2] http://www.gentoo.org/doc/en/gentoo-security.xml
[3] http://www.gentoo.org/doc/en/gentoo-security.xml#doc_chap12_pre5
[4] http://shorewall.sourceforge.net/

--
Matt Garman
email at: http://raw-sewage.net/index.php?file=email
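The "standard" case the post asks about (one WAN link, one private LAN, the Linux box doing stateful filtering plus NAT) fits in a short script. The following is an added example written for this thread; it is not the projectfiles.com script, the Gentoo Security Guide sample, or anything from Shorewall. The interface names (`ppp0`, `eth1`) and the LAN prefix (`192.168.1.0/24`) are assumptions, overridable through environment variables, and `DRY_RUN=1` prints the rules instead of loading them so the ruleset can be read through before it touches the kernel.

```shell
#!/bin/sh
# Minimal stateful iptables ruleset for a Linux NAT gateway sitting between a
# DSL/cable link and a private LAN. Added example for this thread; not taken
# from any of the scripts linked in the post. Interface names and the LAN
# prefix are assumptions; set WAN, LAN and LAN_NET to match the box.
WAN="${WAN:-ppp0}"                    # interface facing the ISP (assumed name)
LAN="${LAN:-eth1}"                    # interface facing the private LAN (assumed name)
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # private LAN prefix (assumed)
IPT="${IPT:-iptables}"

# Every rule goes through this wrapper. With DRY_RUN=1 the commands are printed
# rather than executed, so the complete ruleset can be reviewed or diffed
# against the previous version before it is loaded.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

apply_firewall() {
    # Start from a clean slate, default-deny for traffic to and through the box.
    ipt -F
    ipt -t nat -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # INPUT: loopback, replies to connections the box opened, and the LAN side.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT
    # Anti-spoofing: a packet arriving on the WAN link with a LAN source is bogus.
    ipt -A INPUT -i "$WAN" -s "$LAN_NET" -j DROP
    # Rate-limited log of what the default policy is about to drop on the WAN side.
    ipt -A INPUT -i "$WAN" -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "

    # FORWARD: LAN hosts may open connections outbound; only replies come back in.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP

    # NAT: rewrite the source of LAN traffic leaving via the WAN link. MASQUERADE
    # rather than SNAT because a DSL/cable address can change between sessions.
    ipt -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE

    # Routing between interfaces is off by default on Linux; enable it last, once
    # the filtering rules above are already in place.
    [ "${DRY_RUN:-0}" = "1" ] || echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Run with APPLY=1 to load the rules (DRY_RUN=1 APPLY=1 just prints them).
if [ "${APPLY:-0}" = "1" ]; then
    apply_firewall
fi
```

Review the output of `DRY_RUN=1 APPLY=1 sh gateway.sh` first; when it reads as intended, `APPLY=1 sh gateway.sh` as root loads it. Any service the gateway itself must expose (SSH from the LAN is already covered by the LAN accept rule) gets an explicit INPUT rule above the LOG line, and inbound port forwards belong in a DNAT rule in the nat PREROUTING chain plus a matching FORWARD accept; everything else stays blocked by the DROP policies.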
