On Thu, 2005-09-08 at 01:34 +0000, James wrote:
> Bryan Whitehead megahappy.net> writes:
>
> >
> > Wow, that is news to me... I've always just banged out iptables rules and
> > then saved them...
>
>
> Got anything to share? Surely a 3 nic firewall {
> WAN(single IP), LAN and DMZ, with a web server and eventually
> 2 dns servers on the DMZ is not really a big deal?
>
> Which kernel sources did you use? Anything tricky
> in building the kernel?
>
> The system is only going to be a firewall/router
> so only minimal necessary packages will be installed.
>
>
> James
>

Hi James,

Haven't tried all (only for a single card) but on the "shorewall.net" site there are sample configs for a single, with two and three Lan card interfaces (WAN, LAN, DMZ). Used one myself.

In the docs there are even graphical ;) screen-shots of the kernel-config options which you need to use to get all of shorewall features. Recommended iptables config.

Don't think you believe there is a piece of software which doesn't have (now) or didn't have at some point of time a Bug or two or more.

HTH.
Rumen