On Wed, Oct 08, 2014 at 05:58:53PM -0400, Steve Litt wrote:
> On Thu, 09 Oct 2014 06:18:09 +1000
> Stuart Longland <stua...@longlandclan.yi.org> wrote:
>
> > The hard bit about things like firewalling, is that there is really a
> > minimum technical understanding necessary to do it properly.
>
> You've got that right. Years ago, I despaired of ever understanding
> iptables, and just put a pf firewall between the LAN and the Internet.
> And although I find pf much more understandable than iptables, pf isn't
> simple either. One of the first things you need to get used to is
> what's "in" and "out". With pf, that's relative to the firewall, not
> the browser.
>
> I couldn't imagine making firewalling simple, because there's so much
> it does: Blocking packets, logging, pinholing with port forwarding,
> NAT, and probably another hundred things I don't know about. And all
> sorts of packets.
>
> If one wants simple firewalling, about the best you can hope for is
> something like pfSense, but that's not all that simple either.

Have a look at shorewall.

--
"If you're not careful, the newspapers will have you hating the people who
are being oppressed, and loving the people who are doing the oppressing."
--- Malcolm X

Archive: https://lists.debian.org/20141009091038.GQ21549@tal