From: Chad Huneycutt
Organization: Georgia Tech College of Computing
To: gentoo-dev@cvs.gentoo.org
Subject: Re: [gentoo-dev] NAT iptables info
Date: Mon Oct 1 20:29:01 2001
Message-ID: <3BB926B7.1030805@acm.org>
References: <3BB8D91C.C52CDE0C@gentoo.org>

Donny Davies wrote:

>To provide some kind of gentoo firewall is, hmm, well silly. It's 100%
>configuration. This is not the domain of a 'package', 'rpm' or ebuild.
>

I don't completely agree with this. While questions like "How do I set up a firewall?" are not completely germane to this mailing list, the above statement is your opinion and open for discussion here.

I think that it is a very good idea to provide several basic scripts for common configurations. If they are already out there, then great! We should include them in an ebuild. It is a much better policy to have the network default to a secure state (such as Rusty's script that allows no incoming connections) than to leave it wide open, and let the potentially newbie sysadmin get hacked. It would be nice to bring up a semi-secure, masquerading (or whatever they are calling it these days) firewall box with little effort. From there, one can learn about iptables and such things to customize it further.

Just some thoughts from someone who hasn't delved into iptables yet,

Chad