[linux-elitists] oBSD-elitist: 56K virtual shared pipe for all 'Doze MTAs
Fri Feb 13 22:38:19 PST 2004
<quote who="Karsten M. Self">
> 1. OK, what is *your* favorite good description of the whole iptables
> mess? I've got Sonnenreich and Yates, _Building Linux and OpenBSD
> Firewalls_, Wiley, and Ziegler _Linux_ Firewalls_, New Riders. Both
> cover ipchains / ipfwadmin. I'm going through Rusty Russel's
> unreliable guides (trying to find PS for printing). And manpages
> for iptables. It's not sinking in. fwbuilder was also rather more
> puzzling than I'd hoped.
iptables is like the assembly language of firewalling. Useful to grok, but
not entirely sensible to write directlyi (in most cases, these days, etc). I
usually recommend shorewall for "proper firewalls" (not desktops or laptops
unless you're way keen), which is quite policy oriented and handles all
sorts of common use cases very well, and a few unusual ones sensibly.
There are some cool desktop tools for other use cases.
GVADEC 2004: Kristiansand, Norway http://2004.guadec.org/
"Debian is not as minor as many business end people think." - Alan Cox
More information about the linux-elitists