> Anybody interested in long boring details should feel free to mail me
> off line, but the gist is that the dotfile generator saved my butt and
> my few remaining shreds of sanity. Many thanks to the many people on
> this list who helped, particularly John Hardin for holding my hand, and
> to John and everybody else who worked on the dotfile package, a
> wonderful tool.
Thanks! <blush>
One caveat for others using this tool: support for default deny is still not
completely correct when combined with masquerading, so what I suggest for now
is that you set the default policy to ACCEPT and check the checkboxes that set
the default policy for TCP and UDP on the Internet interface to DENY. If you're
not masquerading, then everything *should* work okay with the default policy
set to DENY.
And I will try to put some samples up with detailed comments. I tried to make
it generate well-commented firewall script files; sorry they aren't adequate.
--
John Hardin KA7OHZ [EMAIL PROTECTED]
pgpk -a finger://gonzo.wolfenet.com/jhardin PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
20 days until Netscape releases source code
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
