[MLB-WIRELESS] IP Tables.

John McClumpha john at incitegraphics.com.au
Wed Apr 6 12:41:44 EST 2005 

 From what I can see shorewall is used to simplify the process of 
setting up iptables rather than being a firewall solution. Great if 
you're familiar with linux and want to simplify this (otherwise 
daunting) task

For a firewall distro have a look at http://www.smoothwall.org or 
http://www.ipcop.org - there's others around I'm sure - but these two 
I've had a lot of success with.

Simply burn the ISO - boot from the CD and follow the basic prompts to 
set it up. Once setup all (well... all "standard") admin can be done via 
a web gui from any other machine.

John
node INQ


Zoi Jones wrote:
> Ok,
> 
> So I need to setup my p2-333 with SHOREWALL maybe ?
> 
> Is that a distro or a package to install onto some
> other distro ?
> 
> If its a distro in itself where can it find it ?
> 
> If its a package (which from my googleing it appears
> it is) which distro is 'ease of install and setup' for
> this linux noob ?
> 
> Still Hopeing to be at this Fridays meeting, I'll be
> the one looking very dopey, (oh hang-on thats most of
> us).
> 
> Maybe one month I'll just bring the whole machine and
> get someone at the meeting to set it up ;)
> 
> Phil.
> 
> 
> --- Donovan Baarda <abo at minkirri.apana.org.au> wrote:
> 
>>On Wed, 2005-04-06 at 01:11 +1000, sanbar wrote:
>>
>>>Phil NodeHPL wrote:
>>
>>[...]
>>
>>>>IP Tables.
>>>
>>>Ooh. The black art of firewalling. Werd.
>>
>>[...]
>>
>>>Firewalling ain't easy, as you really need to know
>>
>>what you are doing to 
>>
>>>get a system secure. If you want to learn it,
>>
>>start with someone else's 
>>
>>>(a really good starting point is a script at 
>>>
>>
> http://orbital.wiretapped.net/~technion/iptables.txt),
> 
>>pull it apart, 
>>
>>>break it, and put it back together.
>>>Some people are paid a lot of money (unless they
>>
>>work for Dodo) to sort 
>>
>>>out the problem you've just described, and I
>>
>>haven't even scratched the 
>>
>>>surface of stuff such as network address
>>
>>translation, shutting down 
>>
>>>unnecessary services, mac filtering and so on.
>>
>>This level of network 
>>
>>>control is hard to do for a beginner, and even
>>
>>harder to get right.
>>[...]
>>
>>I'm amazed people still even consider writing
>>iptables rules. There are
>>tons of decent firewall packages out there that will
>>do it all for you.
>>Why re-invent the wheel when you can focus on
>>tweaking the car.
>>
>>I like shorewall, because it makes simple things
>>easy, but can handle
>>complex setups (I had static IP ISDN, dynamic IP
>>ADSL, public wireless,
>>local LAN, and dialin modems all at once, with dual
>>load-balanced
>>default routes, source based routing, and
>>wondershaper traffic shaping;
>>6 different zones in all).
>>
>>-- 
>>Donovan Baarda <abo at minkirri.apana.org.au>
>>http://minkirri.apana.org.au/~abo/
>>
>>
> 
> 
> Find local movie times and trailers on Yahoo! Movies.
> http://au.movies.yahoo.com
> 
> To unsubscribe: send mail to majordomo at wireless.org.au
> with "unsubscribe melbwireless" in the body of the message
> 
> .
> 


To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message

More information about the Melbwireless mailing list