At 08:16 PM 4/23/00 -0400, Benjamin Scott wrote:
>On Sun, 23 Apr 2000, Kenneth E. Lussier wrote:
> > One problem that I am faced with now is trying to learn more about
> > ipchains (I know the basics already, but there is a lot more detail that
> > I would like to know) ...
>
> Such as...? For general firewall theory, I'd say the O'Reilly book is
>pretty complete. If you're wondering what ipchains can do, the man page is
>pretty comprehensive. If you want to know how the internals work... you've
>got the source... what more could you ask for? :-)

When I say that I want to learn more about it, I mean it more as a
scalability issue. I can put together a basic firewall script here at home,
and it is fine for my purposes. I have some port redirection, and a basic
rule set that keeps people out and allows the traffic that I want. However,
I have never had to deal with it in a large-scale situation where I need to
worry about internal and external mail servers, DNS servers, etc. I can put
together the rules, but what I really want to do is work with it on a
larger scale than just my 6 machines at home.

> > ... and at the same time, gearing up for iptables in the 2.4 kernel.
> > Once again, the firewalling code is going to change ... Trying to keep up
> > is becoming more and more difficult.
>
> Indeed. I sincerely hope the kernel folks are going to stop tinkering with
>the firewall code after iptables is done. Otherwise, I'm gonna consider
>switching to OpenBSD on my firewall! ;-)

I was just getting into firewalls when they did away with ipfwadm. I'm
starting to think that the kernel folks just like to keep the rest of us on
our toes ;-)

Kenny