Holly Bostick <motub <at> planet.nl> writes:
> If you're trying to learn, James, there is something to be said for
> Dave's position; it's not as if the config files are going to disappear
> just because you used shorewall to write them with correct settings.

Following this example, I've had no problems, only it did not include the DMZ portion of the example. I looked at Shorewall. No thanks.

> It might be easier to understand how iptables works if you configure it
> through a system that will do it properly, *then* look at the configured
> rules and work out why they work (as opposed to what your self-made
> rules do), rather than wait to have a working configuration until you've
> understood iptables (which is apparently not really easy for most
> everybody).

Hey, it took me quite a long time to digest OpenBSD + pf and other tools. That's OK, even fantastic. It's what I want to do. Struggle, learn, make little mods and test the results... If I need immediate coverage, I have an OpenBSD + pf box that is fantastic, because I took the time to learn.

If shorewall is so easy, then just email to me the config files for a 3 NIC network, with DMZ based web server, and only internally (LAN) initiated connections allowed, in the form of config files, OK?

I'm quite sure I'll master iptables/netfilter, the command line and config file way... the old-fashioned, hard-headed way.

YMMV

James

--
[email protected] mailing list

