On Thu, 8 Sep 2005 01:23:26 +0000 (UTC), James wrote:

> > Why not just sit down and read the source?
>
> I'm sure that's going to happen too. But having a
> working machine with iptables/netfilter is like
> having a lab-class to go with the
> (theory) lecture part of the class, methinks.

So try out some of the standard configurations in Shorewall. Read the Shorewall scripts to see what they are trying to do, then examine the iptables rules they create to see how it does it. That gives you exactly what you were asking for, a set of standard, working iptables rules to learn from, with no GUI in sight.

Shorewall is not an automatic rule generator like Guarddog, it is more like a compiler, turning your source rules into iptables rules.

By picking up a bunch of rules from some web site somewhere, you run the risk of learning from bad rules (like learning HTML by picking apart web sites). If a well known and well used program like Shorewall generated bad rules, they'd be picked up immediately.

-- 
Neil Bothwick

ASSISTANT MANAGER: Feminine form of the word manager (q.v.).