[MLB-WIRELESS] IP Tables.

Wed Apr 6 14:00:41 EST 2005

ipfilters is by far my favourite firewall.
But its BSD only :P Nice and easy to write/edit
you can write complex rules off the top of your head even if 
you haven't used it in months. 

those instant linux based firewalls are annoying imho :P

-
Rory

----- Original Message ----- 
From: "John McClumpha" <john at incitegraphics.com.au>
To: "Zoi Jones" <zoiqq at yahoo.com.au>
Cc: "mlbwireless" <melbwireless at wireless.org.au>
Sent: Wednesday, April 06, 2005 12:41 PM
Subject: Re: [MLB-WIRELESS] IP Tables.

> From what I can see shorewall is used to simplify the process of 
> setting up iptables rather than being a firewall solution. Great if 
> you're familiar with linux and want to simplify this (otherwise 
> daunting) task
> 
> For a firewall distro have a look at http://www.smoothwall.org or 
> http://www.ipcop.org - there's others around I'm sure - but these two 
> I've had a lot of success with.
> 
> Simply burn the ISO - boot from the CD and follow the basic prompts to 
> set it up. Once setup all (well... all "standard") admin can be done via 
> a web gui from any other machine.
> 
> John
> node INQ
> 
> 
> Zoi Jones wrote:
> > Ok,
> > 
> > So I need to setup my p2-333 with SHOREWALL maybe ?
> > 
> > Is that a distro or a package to install onto some
> > other distro ?
> > 
> > If its a distro in itself where can it find it ?
> > 
> > If its a package (which from my googleing it appears
> > it is) which distro is 'ease of install and setup' for
> > this linux noob ?
> > 
> > Still Hopeing to be at this Fridays meeting, I'll be
> > the one looking very dopey, (oh hang-on thats most of
> > us).
> > 
> > Maybe one month I'll just bring the whole machine and
> > get someone at the meeting to set it up ;)
> > 
> > Phil.
> > 
> > 
> > --- Donovan Baarda <abo at minkirri.apana.org.au> wrote:
> > 
> >>On Wed, 2005-04-06 at 01:11 +1000, sanbar wrote:
> >>
> >>>Phil NodeHPL wrote:
> >>
> >>[...]
> >>
> >>>>IP Tables.
> >>>
> >>>Ooh. The black art of firewalling. Werd.
> >>
> >>[...]
> >>
> >>>Firewalling ain't easy, as you really need to know
> >>
> >>what you are doing to 
> >>
> >>>get a system secure. If you want to learn it,
> >>
> >>start with someone else's 
> >>
> >>>(a really good starting point is a script at 
> >>>
> >>
> > http://orbital.wiretapped.net/~technion/iptables.txt),
> > 
> >>pull it apart, 
> >>
> >>>break it, and put it back together.
> >>>Some people are paid a lot of money (unless they
> >>
> >>work for Dodo) to sort 
> >>
> >>>out the problem you've just described, and I
> >>
> >>haven't even scratched the 
> >>
> >>>surface of stuff such as network address
> >>
> >>translation, shutting down 
> >>
> >>>unnecessary services, mac filtering and so on.
> >>
> >>This level of network 
> >>
> >>>control is hard to do for a beginner, and even
> >>
> >>harder to get right.
> >>[...]
> >>
> >>I'm amazed people still even consider writing
> >>iptables rules. There are
> >>tons of decent firewall packages out there that will
> >>do it all for you.
> >>Why re-invent the wheel when you can focus on
> >>tweaking the car.
> >>
> >>I like shorewall, because it makes simple things
> >>easy, but can handle
> >>complex setups (I had static IP ISDN, dynamic IP
> >>ADSL, public wireless,
> >>local LAN, and dialin modems all at once, with dual
> >>load-balanced
> >>default routes, source based routing, and
> >>wondershaper traffic shaping;
> >>6 different zones in all).
> >>
> >>-- 
> >>Donovan Baarda <abo at minkirri.apana.org.au>
> >>http://minkirri.apana.org.au/~abo/
> >>
> >>
> > 
> > 
> > Find local movie times and trailers on Yahoo! Movies.
> > http://au.movies.yahoo.com
> > 
> > To unsubscribe: send mail to majordomo at wireless.org.au
> > with "unsubscribe melbwireless" in the body of the message
> > 
> > .
> > 
> 
> 
> To unsubscribe: send mail to majordomo at wireless.org.au
> with "unsubscribe melbwireless" in the body of the message
> 
> 

To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message