* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote:
>
> As I see it, you have two choices. If you just want something that
> should do what you want and don't want to have to set anything up, just
> install ipmasq. It determines what the untrusted network is by where
> the default route or gateway points; it's automatic. If you want the
> tightest firewall with only the ports you want open, then go with
> shorewall.

Interesting what you say about ipmasq. How automatic is it? I would have assumed that it had more to do with making your machine a gateway, which mine isn't, than firewalling itself. I am assuming that it does both?

> The documentation is vast; it's like a book. You wouldn't buy a big book
> on network security and open it to the middle and expect to know what
> was going on. Start at the beginning and just read it through. Trust
> your brain to synthesize and develop a plan for your situation.

I know what you mean there. I think it turned out to be something like 550 pages, give or take. And I actually was reading it from the beginning, but you can imagine what a task that is just to set up a couple of rules. And I was beginning to think that it was not set up to handle a situation as simple as mine. Of course, I was wrong.

But, this all begs the question of what Shorewall is really trying to do. I would think that the point of these firewall tools would be to get around the rather difficult process of figuring out iptables. However, shorewall seems to simply replace the very archaic and tricky iptables commands and structure with its own equally difficult version. Why is that exactly? Couldn't somebody with that kind of need simply take the same time and learn the very thing that Shorewall is manipulating, i.e. iptables?

Patrick