Subject: Re: [gentoo-user] A Gentoo Firewall howto?
From: William Kenworthy
To: gentoo-user@lists.gentoo.org
Date: Sun, 28 Aug 2005 20:07:45 +0800

It's not just easing the pain: I am not sure that someone who is not intimately familiar with iptables doing what amounts to a home brew is advisable. There's quite a number of ways to screw up and leave your system exposed. The way to minimise the risk is to start with a known, popular, open-source (i.e., many eyes) script that does the main things for you - and then *test* it from both inside and outside.

The time to fiddle with something as "critical" as this is when you know what you are doing. Many (most?) will be successful, but what about those who try and do everything right and fail ...

BillK

On Sat, 2005-08-27 at 09:11 -0400, Mark Shields wrote:
> I know you mentioned easing the pain, but good old iptables worked for ...

--
gentoo-user@gentoo.org mailing list