On Wed, Nov 21, 2007 at 01:49:15PM +0700, Klein Moebius wrote:
> Being on the road a lot with my trusted lappy, I'd like to get
> suggestions on the best solution for an iptables based firewall that
> needs to be easily reconfigurable for wireless, ethernet cable, and ppp.
> I should be able to apply rules on the fly using tools such as wireshark
> to identify mac address exclusions, etc, and hopefully would be ipv6
> capable. Any ideas?

You could look at shorewall. It has a great set of docs in shorewall-doc.

Your laptop has three potential interfaces: eth(cable), eth(wireless) and ppp. Do the two eth end up with different unit numbers? (I've never used wireless).

From a firewall perspective, does it matter if at any given time you're using a particular interface? Assuming that you're not forwarding, although perhaps the NAT config will change.

You could create a set of config files for each setup and write a script that copies the correct set to /etc/shorewall then restarts shorewall. Have the script start when an interface goes up.

Doug.
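
The per-setup config sets suggested in the reply above, sketched as an added example (not part of the original message and not Shorewall's own code). It assumes a Debian ifupdown hook in /etc/network/if-up.d/, a hypothetical profile tree under /etc/shorewall-profiles, and interface name patterns that will need adjusting where the wireless card also shows up as ethN.

```shell
#!/bin/sh
# Added example: ifupdown hook that swaps Shorewall config sets per interface.
# Assumed layout (hypothetical): one directory per setup under $PROFILE_ROOT,
# e.g. /etc/shorewall-profiles/wired, .../wireless, .../ppp, each holding the
# same set of file names so no stale file survives a switch.
PROFILE_ROOT="${PROFILE_ROOT:-/etc/shorewall-profiles}"
TARGET_DIR="${TARGET_DIR:-/etc/shorewall}"
SHOREWALL="${SHOREWALL:-shorewall}"

# Map an interface name to a profile name. The patterns are assumptions:
# if the wireless driver names its device ethN, match the exact name instead.
profile_for_iface() {
    case "$1" in
        ppp*)            echo ppp ;;
        wlan*|ath*|ra*)  echo wireless ;;
        eth*)            echo wired ;;
        *)               return 1 ;;   # lo, tunnels, etc.: leave firewall alone
    esac
}

# Validate the candidate set before touching the live one, then copy and
# restart. A set that fails "shorewall check" never reaches $TARGET_DIR, so a
# typo in one profile cannot leave the laptop with a broken ruleset.
switch_profile() {
    src="$PROFILE_ROOT/$1"
    [ -d "$src" ] || { echo "no profile directory: $src" >&2; return 1; }
    "$SHOREWALL" check "$src" >/dev/null || {
        echo "shorewall check failed for $src, keeping current config" >&2
        return 2
    }
    cp -p "$src"/* "$TARGET_DIR"/ || return 3
    "$SHOREWALL" restart >/dev/null
}

# ifupdown exports IFACE to hook scripts. Do nothing when it is unset or
# when the interface has no profile.
if [ -n "${IFACE:-}" ] && profile=$(profile_for_iface "$IFACE"); then
    switch_profile "$profile"
fi
```
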