Date: Tue, 18 Aug 2009 18:17:47 -0500
From: Dan Farrell
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] IPCHAINS or other alternative firewalls or packet-filters?
Message-ID: <20090818181747.0a525806@napoleon.spore.ath.cx>
In-Reply-To: <20090818221136.GA7098@waltdnes.org>
References: <20090818221136.GA7098@waltdnes.org>
Organization: Spore, LTD

On Tue, 18 Aug 2009 18:11:36 -0400
"Walter Dnes" wrote:

> IPCHAINS did the firewall job for me. Early versions of IPTABLES
> were OK too. But it eventually developed the Mozilla disease, and
> became a honking big routing/gatewaying/QOSing/singing/dancing
> monstrosity, of which I required only a small fraction of its
> "functionality". And I'm really confused as to which parts in
> netfilter/xtables/iptables I need to build into the kernel.

Hey, I too am a minimalist but I think you've got iptables
misidentified. It has lots of features; that's not the same as saying
it's bloated. More like the linux kernel (and in fact it _is_, as
others have said, the linux kernel) - it supports a lot of different
functionality. If you don't want a particular capability, disable it
in the kernel.

If you want a quick firewall setup, use
http://spore.ath.cx/~dan/doc/home-firewall.html. It's what I use and
my step by step guide should save you a bit of effort.