forgottenwizard wrote:
> On 00:24 Sun 05 Apr, gigli wrote:
>> Hi
>>
>> I wonder if there is any easy firewall for Gentoo. I tried Ubuntu for a
>> while and used their ufw, which was very simple.
>>
>> My needs:
>>
>> Block incoming traffic except for sshd and https (and sometimes
>> bittorrent) and allow my lan to connect to my samba share, mythtv and
>> mysql when I use openvpn or always, which would be easiest. My box is
>> usually protected by pfsense.
>>
>> I have a hard time understanding iptables and I have tried guarddog and
>> kmyfirewall and others, didn't really like them. Something like ufw
>> would be nice.
>> [...]
>
> As for software, you could look into Shorewall and see if that works for you.
>

I second that recommendation. Shorewall is a really great piece of software: a lot of functionality paired with a lot of documentation. It has got support for OpenVPN and macros for most common services (which makes it a matter of maybe a minute to add a rule for a new service). The only downside I see is that it compiles many rules which wouldn't be strictly necessary and therefore needs a lot of kernel modules to start (and it doesn't always give helpful error messages when it misses a module).

