On Fri, 2006-02-17 at 13:56 +0000, Timothy Murphy wrote: > Steve Ziuchkovski wrote: > > > Is there a utility that allows iptable to be configured easily and updated > > at runtime, but without sacrificing any security (other than ports I open, > > of course!)? > fwbuilder does a very good job of creating/compiling an iptables configuration script for you. To tweak the running tables just run a new script and it completely replaces the running rules with the new ones. > I'm not sure I understand your question perfectly, > but shorewall has a number of standard configurations (eg two-interfaces) > one of which would suit most situations, I imagine. > > I must say, as a shorewall user, I am surprised > at the complication of the resulting iptables, > which makes me think it must be rather difficult > to set up iptables without using an extra program like this. > > A bit like sendmail, in fact. > > Am I mistaken? > > -- > Timothy Murphy > e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie > tel: +353-86-2336090, +353-1-2842366 > s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland >
