Date: Sun, 5 Apr 2009 21:34:08 -0400
From: James Stull <rivitir@gmail.com>
To: gigli@swipnet.se
Cc: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] simple firewall

Have you tried Firewall Builder? You can use Firewall Builder to make all the rules for iptables.

On Sun, Apr 5, 2009 at 8:47 AM, gigli <gigli@swipnet.se> wrote:
> Peter Humphrey wrote:
> > On Sunday 05 April 2009 11:41:55 gigli wrote:
> >
> >> I will give shorewall a new try and hope I'll make better progress this
> >> time
> >
> > My gateway machine has three interfaces and uses shorewall to protect them.
> > If you like I could tar up /etc/shorewall and send it to you. I've had to
> > create macros for several services and put them in /usr/share/shorewall,
> > but if you run "shorewall try /etc/shorewall" it'll tell you which you
> > need. I made them by copying others and changing bits.
> >
> > The three interfaces are the external network (a DSL modem), the internal
> > wired network (an Ethernet switch) and a wireless network (an access
> > point).
> >
> > I don't suppose my setup is the acme of elegance or wit, but it seems to
> > work. The rules file is 195 lines long.
> >
> Hi Peter
>
> I would be happy if you mailed me the tar.
> I have only one interface and
> need to protect my computer while connected through openvpn, I guess
> openvpn goes directly through my pfsense box both ways and it would be
> nice to stay protected then. Or have I misunderstood that?
>
> Martin
> gigli@swipnet.se