[MLB-WIRELESS] IP Tables.

Donovan Baarda abo at minkirri.apana.org.au
Wed Apr 6 10:32:36 EST 2005


On Wed, 2005-04-06 at 01:11 +1000, sanbar wrote:
> Phil NodeHPL wrote:
[...]
> > IP Tables.
> 
> Ooh. The black art of firewalling. Werd.
[...]
> Firewalling ain't easy, as you really need to know what you are doing to 
> get a system secure. If you want to learn it, start with someone else's 
> (a really good starting point is a script at 
> http://orbital.wiretapped.net/~technion/iptables.txt), pull it apart, 
> break it, and put it back together.
> Some people are paid a lot of money (unless they work for Dodo) to sort 
> out the problem you've just described, and I haven't even scratched the 
> surface of stuff such as network address translation, shutting down 
> unnecessary services, MAC filtering and so on. This level of network 
> control is hard to do for a beginner, and even harder to get right.
[...]

I'm amazed people still even consider writing iptables rules. There are
tons of decent firewall packages out there that will do it all for you.
Why re-invent the wheel when you can focus on tweaking the car?

I like shorewall, because it makes simple things easy, but can handle
complex setups (I had static IP ISDN, dynamic IP ADSL, public wireless,
local LAN, and dial-in modems all at once, with dual load-balanced
default routes, source-based routing, and wondershaper traffic shaping;
6 different zones in all).

-- 
Donovan Baarda <abo at minkirri.apana.org.au>
http://minkirri.apana.org.au/~abo/
