From: Florian Philipp
Date: Sun, 05 Apr 2009 11:22:36 +0200
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] simple firewall

forgottenwizard wrote:
> On 00:24 Sun 05 Apr, gigli wrote:
>> Hi
>>
>> I wonder if there is any easy firewall for gentoo. I tried ubuntu for a
>> while and used their ufw, which was very simple.
>>
>> My needs:
>>
>> Block incoming traffic except for sshd and https (and sometimes
>> bittorrent) and allow my lan to connect to my samba share, mythtv and
>> mysql when I use openvpn or always, which would be easiest. My box is
>> usually protected by pfsense.
>>
>> I have a hard time understanding iptables and I have tried guarddog and
>> kmyfirewall and others, didn't really like them. Something like ufw
>> would be nice.
>>
[...]
>
> As for software, you could look into Shorewall and see if that works for you.
>

I second that recommendation. Shorewall is a really great piece of
software: a lot of functionality paired with a lot of documentation.

It has got support for OpenVPN and macros for most common services
(which makes it a matter of maybe a minute to add a rule for a new service).

The only downside I see is that it compiles many rules which wouldn't be
strictly necessary and therefore needs a lot of kernel modules to start
(and it doesn't always give helpful error messages when it misses a module).