public inbox for gentoo-amd64@lists.gentoo.org
From: Sebastian Redl <sebastian.redl@getdesigned.at>
To: gentoo-amd64@lists.gentoo.org
Subject: Re: [gentoo-amd64]  Re: KISS firewall not working on Gentoo Hardened
Date: Thu, 04 Oct 2007 20:55:06 +0200
Message-ID: <4705370A.4010709@getdesigned.at>
In-Reply-To: <pan.2007.10.04.16.24.09@cox.net>

Duncan wrote:
> "P.V.Anthony" <pvantony@singnet.com.sg> posted
> 470438AA.8040502@singnet.com.sg, excerpted below, on  Thu, 04 Oct 2007
> 08:49:46 +0800:
>
>> I was trying to get the KISS firewall working on Gentoo Hardened amd64.
>
> Personally, I tried a number of different firewall scripts, but wasn't 
> really satisfied with any of them.  Most of them tried to do too much -- 
> they had all sorts of config options for configuring big commercial 
> networks, options for shutting off net access to a specific segment of 
> the internal network at a specific time, for instance.  I didn't /need/ 
> that sort of complex configuration, and it only made things more 
> confusing, not less.
>
> At the same time, stuff that should have been simple ended up hugely 
> complex.  I was never sure which modules I needed for which options, and 
> since I was configuring scripts that did the actual configuring of the 
> IPTables based firewall, when something didn't work, I was never quite 
> sure whether it was the script, or a bug in the kernel, or a missing 
> module, or my mistake, or...  Well, I'm sure you can identify right about 
> now! =8^(
>
I have to disagree with this evaluation. In several years, I found that
shorewall makes simple things simple, and difficult things I've never
tried. My network is really, really simple: a
firewall/fileserver/everything with a slightly defective keyboard that I
carry a screen to when it doesn't work, plus a number of other computers
(one desktop, three laptops, usually) for various family members. The
firewall mainly does three things:
1) Block everything except a few services from the outside.
2) NAT.
3) A few direct port forwards to the desktop computer.

Configuring this is easy enough in IPTables (I did learn them somewhat,
out of interest, though I've forgotten a lot, too), but it's really,
really easy in shorewall.

In all the years I've used Gentoo now, I can only say that I'm highly
satisfied with the program. The only negative point I can find is that
it always wants to overwrite all the configuration files on an upgrade.

Sebastian Redl

-- 
gentoo-amd64@gentoo.org mailing list
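Editor's note: the three jobs Sebastian lists above (drop everything from outside except a few services, NAT for the LAN, a handful of port forwards to one desktop) are the whole specification of a typical home gateway, so here is what that looks like when written directly against IPTables rather than through shorewall. This is an added example, not code from the thread, from shorewall or from the KISS script; the interface names, the 192.168.1.0/24 prefix, the desktop address and the forwarded ports are assumed placeholders and can be overridden through the environment. The script only generates the ruleset in iptables-restore(8) format on stdout, so it can be reviewed (or counted) before anything is loaded into the kernel.

```shell
#!/bin/sh
# Added example, not code from the thread or from shorewall: an
# iptables-restore(8) ruleset for a home gateway that does exactly the
# three jobs listed in the mail. All names, addresses and ports below are
# assumed placeholders; override them via the environment.
WAN_IF="${WAN_IF:-eth0}"                 # assumed: interface towards the ISP
LAN_IF="${LAN_IF:-eth1}"                 # assumed: interface towards the LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"     # assumed LAN prefix
DESKTOP="${DESKTOP:-192.168.1.10}"       # assumed desktop that gets the forwards
INBOUND_TCP="${INBOUND_TCP:-22}"         # TCP services the gateway itself offers
# Port forwards as proto:external_port:internal_port (constructed sample values)
FORWARDS="${FORWARDS:-tcp:8080:80 udp:27015:27015}"

emit() { printf '%s\n' "$1"; }

# Split one proto:ext:int triple into the globals $proto, $ext and $int.
parse_forward() {
    proto=${1%%:*}
    rest=${1#*:}
    ext=${rest%%:*}
    int=${rest#*:}
}

# Write the whole ruleset to stdout in the format iptables-restore reads.
gen_ruleset() {
    # 1) Default-deny inbound: only return traffic for connections the
    #    gateway or the LAN opened, plus a short list of services, get in.
    emit '*filter'
    emit ':INPUT DROP [0:0]'
    emit ':FORWARD DROP [0:0]'
    emit ':OUTPUT ACCEPT [0:0]'
    emit '-A INPUT -i lo -j ACCEPT'
    emit '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    emit '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    emit "-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT"
    for p in $INBOUND_TCP; do
        emit "-A INPUT -i $WAN_IF -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # 2) NAT, forwarding half: the LAN may go out, replies may come back.
    emit '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    emit "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    # 3) Port forwards, forwarding half: only the rewritten destination and
    #    port are let through, not the whole desktop.
    for f in $FORWARDS; do
        parse_forward "$f"
        emit "-A FORWARD -i $WAN_IF -o $LAN_IF -d $DESKTOP -p $proto --dport $int -m conntrack --ctstate NEW -j ACCEPT"
    done
    emit 'COMMIT'

    emit '*nat'
    emit ':PREROUTING ACCEPT [0:0]'
    emit ':INPUT ACCEPT [0:0]'
    emit ':OUTPUT ACCEPT [0:0]'
    emit ':POSTROUTING ACCEPT [0:0]'
    # 3) Port forwards, NAT half: rewrite the destination before routing.
    for f in $FORWARDS; do
        parse_forward "$f"
        emit "-A PREROUTING -i $WAN_IF -p $proto --dport $ext -j DNAT --to-destination $DESKTOP:$int"
    done
    # 2) NAT, masquerade half: hide the LAN behind the WAN address.
    emit "-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
    emit 'COMMIT'
}

# Number of -A rules in one table of the generated set: a cheap sanity
# check that the loops produced what you expect before loading anything.
count_rules() {
    gen_ruleset | awk -v tbl="*$1" '
        $0 == tbl      { on = 1; next }
        /^COMMIT/      { on = 0 }
        on && /^-A /   { n++ }
        END            { print n + 0 }'
}

# To load: sysctl -w net.ipv4.ip_forward=1 && gen_ruleset | iptables-restore
# (iptables-restore replaces the named tables atomically, so review first).
if [ "${1:-}" = "show" ]; then
    gen_ruleset
fi
```

Running `sh gateway.sh show` prints the ruleset; piping it into `iptables-restore` as root installs it, and `count_rules filter` / `count_rules nat` confirm the loops expanded the way you intended. The FORWARD chain deliberately accepts only the DNATed destination and internal port for each forward, so widening `FORWARDS` is the only way to expose more of the desktop; with the defaults the filter table holds 9 rules and the nat table 3.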
Thread overview: 7+ messages
2007-10-04  0:49 [gentoo-amd64] KISS firewall not working on Gentoo Hardened P.V.Anthony
2007-10-04 16:24 ` [gentoo-amd64] " Duncan
2007-10-04 18:55   ` Sebastian Redl [this message]
2007-10-04 23:14     ` Homer Parker
2007-10-04 23:20     ` Duncan
2007-10-04 23:38       ` Duncan
2007-10-20 16:13   ` P.V.Anthony