On Sep 15, 2006, at 9:51 AM, Lan Barnes wrote:
> The question, and I'm not sure that it's been answered, is where does
> lokkit find the rules it uses to overwrite /etc/sysconfig/iptables and
> thus clobber it? Because if one modified lokkit's input to customize it,
> one could use it with more granularity.

You're right, it hasn't been answered... I had to check. And the
answer is:
/etc/sysconfig/system-config-securitylevel
Unfortunately that file isn't terribly well documented, and I don't
think lokkit can get much more granular beyond "check the boxes for
these common protocols, and list everything else in this tiny 30
character horizontally scrolling input box." But it might be fun to
play with...

> Now _that_ is a Big Idea. I always associated Shorewall and siblings
> with small Linux and firewall utilities. But obviously it would do the
> same job on a larger box. Thanks.

Yeah, if I ever find myself needing a firewall config that takes more
than about 10 seconds to express in lokkit, I forsake that whole
system and install Shorewall.
--
Joshua Penix http://www.binarytribe.com
Binary Tribe Linux Integration Services & Network Consulting
--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list