[linux-elitists] oBSD-elitist: 56K virtual shared pipe for all 'Doze MTAs

Jeff Waugh jdub@perkypants.org
Fri Feb 13 22:38:19 PST 2004

<quote who="Karsten M. Self">

> 1.  OK, what is *your* favorite good description of the whole iptables
>     mess?  I've got Sonnenreich and Yates, _Building Linux and OpenBSD
>     Firewalls_, Wiley, and Ziegler _Linux_ Firewalls_, New Riders.  Both
>     cover ipchains / ipfwadmin.  I'm going through Rusty Russel's
>     unreliable guides (trying to find PS for printing).  And manpages
>     for iptables.  It's not sinking in.  fwbuilder was also rather more
>     puzzling than I'd hoped.

iptables is like the assembly language of firewalling. Useful to grok, but
not entirely sensible to write directlyi (in most cases, these days, etc). I
usually recommend shorewall for "proper firewalls" (not desktops or laptops
unless you're way keen), which is quite policy oriented and handles all
sorts of common use cases very well, and a few unusual ones sensibly.

There are some cool desktop tools for other use cases.

- Jeff

GVADEC 2004: Kristiansand, Norway                    http://2004.guadec.org/
   "Debian is not as minor as many business end people think." - Alan Cox

More information about the linux-elitists mailing list