On Sunday 23 August 2020 16:10:10 deloptes wrote:

> Hi Gene,
>
> Gene Heskett wrote:
> > Since the big conversion of file structs vs who owns what, which
> > apparently includes running rc.local as the logged in user and not
> > as root, that has hidden the iptables stuff from everybody but root
> > since it's not now in the user's $PATH.
>
> I was running home brew iptables firewall until a couple of months ago.
> It was time to upgrade since iptables is getting replaced by net
> filter (nftables). It was obvious that at some point an upgrade is
> inevitable.
>
> After researching some options I picked up shorewall and I am very
> happy with it.
>
> My requirement was to be able to easily configure and maintain a
> firewall with at least 3 (three) network cards Internet, Intranet and
> DMZ. Accent put on easy to configure - and I must admit the shorewall
> thing is amazing.
>
> > So what is the best way to assure this stuff gets started during a
> > reboot or restart of X? Stuff that s/b running regardless of any X
> > restarts until the next full reboot? Stretch, up to date plus tde
> > here.
>
> I don't know if it suits your needs - you might be looking for a
> desktop firewall, which I do not need and thus don't know ... but keep
> in mind that at some point in the future nftables will be the king.
>
> regards

At the present time I have around 80 rules, all designed to deny the
network spiders and bots that think they have to mirror my several
gigabyte site, 2 or 3 times a day. And that was eating up my bandwidth
allocation on a slow net connection.

Is there a tut someplace to guide one in converting from iptables to
this newer nftables? I'm assuming it's a similar utility.

Thanks.

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>