On Sat, Jun 12, 2004 at 02:01:26PM -0600, Rodolfo J. Paiz wrote:
> At 22:40 6/10/2004, Kevin F. Berrien wrote:
> >Thanks for everyone's help. Gonna test my script some more, document my
> >settings in a notebook, and do it all over again for the production
> >install.
>
> When you're done and you have the thing working well with your current
> toolset (if it ain't broke, don't fix it), you may want to try to repeat
> the task using Shorewall. I highly recommend it as a more flexible,
> powerful tool which I just happen to find also easier to use. Used it on
> over 50 systems so far, I'd guess.

Never used Shorewall and I'm sure your testament is not misplaced,
Rodolfo. But treating a firewall as a black box without understanding at
least the basic principles of the netfilter/iptables framework/syntax is
not my cup of tea. Using Shorewall and then studying its scripts would be
a good thing, though. I'm with Kevin who is taking a more studious
approach.

--
Jack Bowling
mailto: jbinpg@xxxxxxx