From: "Michael Kintzios"
Reply-to: gentoo-user@lists.gentoo.org
Subject: RE: [gentoo-user] Re: iptables example on Gentoo
Date: Fri, 9 Sep 2005 10:44:14 +0100
In-Reply-To: <00d701c5b494$3d2d36e0$0a00a8c0@butthead>

> -----Original Message-----
> From: Dave Nebinger [mailto:dnebinger@joat.com]
> Sent: 08 September 2005 17:42
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] Re: iptables example on Gentoo
>
> [snip]
> It does generate iptable rules, but they are customized for shorewall's
> purposes. For example, my shorewall setup builds the following iptables
> rules:
>
> # Generated by iptables-save v1.3.2 on Thu Sep 8 12:32:48 2005
> *nat
> :PREROUTING ACCEPT [34942:3100331]
> :POSTROUTING ACCEPT [106864:7597940]
> :OUTPUT ACCEPT [106858:7597722]
> :net_dnat - [0:0]
> :w1ad_masq - [0:0]
> -A PREROUTING -i w1ad -j net_dnat
> -A POSTROUTING -o w1ad -j w1ad_masq
> -A net_dnat -p udp -m multiport --dports

What are the "[34942:3100331]" and "[106864:7597940]" references above?

> These are all valid rules and are constructed by shorewall. Would they be
> the same if I hand-coded them? Absolutely not. I wouldn't have so many
> custom chains and would probably reorder the rules to give priorities to
> specific services.
>
> And, I would argue that whilst these rules are valid and do perform the
> firewall chores that I want/need, the format of the rules would leave a lot
> to be desired to try to maintain manually via the command line.

If I understand this right: Shorewall, firehol, fwbuilder, etc. 'just work', but they kludge the iptables? Some of these 'helpers' may also require you to learn some additional scripting format other than the conventional iptables. I guess that's similar to using some HTML WYSIWYG instead of hand coding it yourself.

--
Regards,
Mick
--
gentoo-user@gentoo.org mailing list
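The bracketed pair on each `:CHAIN POLICY [a:b]` line of an iptables-save dump is the packet and byte counter (in that order) that iptables keeps with the chain's policy entry; `iptables -t nat -vL PREROUTING` shows the same numbers as "policy ACCEPT 34942 packets, 3100331 bytes". The parser below is an added example, not code from this thread or from shorewall: it reads a dump of that format, exposes the counters per chain, and flags user-defined chains that no rule jumps to, which is the kind of check worth running over a tool-generated ruleset before trusting it. The dump it parses is constructed for the demo: the first lines mirror the shape of the quoted shorewall output, while the `stale_chain` chain, the completed `net_dnat` rule and the 192.0.2.x addresses are invented.

```python
"""Parse an iptables-save dump and read the bracketed chain counters.

Added example; not code from the mailing-list thread or from shorewall.
CONSTRUCTED_DUMP is made up for the demo: the chain names and counters of
the first lines follow the quoted shorewall output, the rest is invented.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

CONSTRUCTED_DUMP = """\
# Generated by iptables-save v1.3.2 on Thu Sep 8 12:32:48 2005
*nat
:PREROUTING ACCEPT [34942:3100331]
:POSTROUTING ACCEPT [106864:7597940]
:OUTPUT ACCEPT [106858:7597722]
:net_dnat - [0:0]
:w1ad_masq - [0:0]
:stale_chain - [0:0]
-A PREROUTING -i w1ad -j net_dnat
-A POSTROUTING -o w1ad -j w1ad_masq
-A net_dnat -p udp -m multiport --dports 53,123 -j DNAT --to-destination 192.0.2.10
-A w1ad_masq -s 192.0.2.0/24 -j MASQUERADE
COMMIT
"""

# ":NAME POLICY [packets:bytes]"; POLICY is "-" for user-defined chains.
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")
# "-j TARGET" or "-g TARGET" inside an appended rule.
JUMP_RE = re.compile(r"\s-(?:j|g)\s+(\S+)")


@dataclass
class Chain:
    name: str
    policy: Optional[str]            # None for user-defined chains
    packets: int                     # counter pair stored with the policy entry
    bytes: int
    rules: List[str] = field(default_factory=list)


def parse_iptables_save(text: str) -> Dict[str, Dict[str, Chain]]:
    """Return {table: {chain_name: Chain}} for every table block in the dump."""
    tables: Dict[str, Dict[str, Chain]] = {}
    current: Optional[Dict[str, Chain]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                 # table header, e.g. "*nat"
            current = tables.setdefault(line[1:], {})
            continue
        if line == "COMMIT":
            current = None
            continue
        if current is None:
            raise ValueError(f"line outside a table block: {line}")
        m = CHAIN_RE.match(line)
        if m:
            name, policy, pk, by = m.groups()
            current[name] = Chain(name, None if policy == "-" else policy,
                                  int(pk), int(by))
            continue
        if line.startswith("-A "):
            chain = line.split()[1]
            if chain not in current:
                raise ValueError(f"rule appended to undeclared chain {chain}")
            current[chain].rules.append(line)
    return tables


def policy_counters(table: Dict[str, Chain], chain: str) -> Tuple[int, int]:
    """The (packets, bytes) pair shown in brackets on the chain's ':' line."""
    c = table[chain]
    return c.packets, c.bytes


def unreferenced_user_chains(table: Dict[str, Chain]) -> List[str]:
    """User-defined chains that no rule in the table jumps to."""
    targets = set()
    for chain in table.values():
        for rule in chain.rules:
            m = JUMP_RE.search(rule)
            if m:
                targets.add(m.group(1))
    return sorted(n for n, c in table.items()
                  if c.policy is None and n not in targets)


if __name__ == "__main__":
    nat = parse_iptables_save(CONSTRUCTED_DUMP)["nat"]
    for name, chain in nat.items():
        print(f"{name:12} policy={chain.policy or '-':7} "
              f"pkts={chain.packets:>7} bytes={chain.bytes:>9} rules={len(chain.rules)}")
    print("unreferenced user chains:", unreferenced_user_chains(nat))
```

Run against a live box with `iptables-save -c | python3 this_script.py` after swapping `CONSTRUCTED_DUMP` for `sys.stdin.read()`; the `-c` flag is what makes iptables-save emit the counters at all, which is why a dump taken without it shows `[0:0]` everywhere.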