Shorewall is a firewall package.  It provides canned config files to help
you get set up very quickly.  If you are using the iptables stuff that is
stock, I highly recommend that you disable it, and switch to something
with a few more features.

Shorewall is provided as an RPM [among other formats], and installs its
main config to /etc/shorewall. It runs as a 'service' from /etc/init.d. 
It is capable of handling small installations easily, and readily
handles large installations and more complex needs.


Sorry if I failed to be a good advocate there.

js


On Fri, 2002-12-06 at 09:20, Rick Johnson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Joshua Schmidlkofer wrote:
> | *note: before installing this, I recommend you do this:
> |
> | chkconfig --level 345 ipchains off
> | chkconfig --level 345 iptables off
> 
> Honestly - I'd recommend not turning off iptables.
> 
> Rather - run the canned script once, then do the following:
> 
> service iptables save
> 
> After that - the init.d process will read the saved firewall from
> /etc/sysconfig/iptables and load it each time *before* your network
> interfaces come up. If you're calling a script from rc.local, chances are
> it's being started *after* ETHx is brought up which is leaving your machine
> open/vulnerable for a brief time.
> 
> Unless the script creates a dynamic firewall each time it runs, there's no
> real reason to circumvent Red Hat's tools. They're there for a good reason. :-)
> 
> - -Rick
> - --
> Rick Johnson, RHCE - [EMAIL PROTECTED]
> Linux/WAN Administrator - Medata, Inc.
> PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (MingW32)
> Comment: Signed and/or encpryted for everyone's protection.
> 
> iEYEARECAAYFAj3w3HAACgkQIgQdhlSHZgO8pgCg+khASts3iNsnU5cxmlMmTo31
> dCgAoIUZUsQp7UBCXdORBHq8lmZpYXAY
> =TxDL
> -----END PGP SIGNATURE-----
-- 
VB programmers ask why no one takes them seriously, 
it's somewhat akin to a McDonalds manager asking employees 
why they don't take their 'career' seriously.
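
The boot-ordering point in the quoted reply (rules restored by the iptables init script load before the interfaces come up, a script called from rc.local runs after) can be checked from the start links in a runlevel directory. This is an added example, not code from either poster; the function names are hypothetical and the sample directory with its priorities is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Red Hat-style SysV runlevel
# directories holding SNNname start links, run in ascending NN order.

# Print the start priority NN of service $2 in rc directory $1.
start_prio() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # unmatched glob stays literal
        name=${link##*/}
        prio=${name#S}
        echo "${prio%"$2"}"
        return 0
    done
    return 1
}

# 0: firewall loads before the network; 1: after it; 2: a link is missing.
fw_before_net() {
    rcdir=$1; fw=${2:-iptables}; net=${3:-network}
    fwp=$(start_prio "$rcdir" "$fw") || { echo "no start link for $fw"; return 2; }
    netp=$(start_prio "$rcdir" "$net") || { echo "no start link for $net"; return 2; }
    if [ "$fwp" -lt "$netp" ]; then
        echo "OK: $fw (S$fwp) loads before $net (S$netp)"
        return 0
    fi
    echo "EXPOSED: $net (S$netp) is up before $fw (S$fwp) loads"
    return 1
}

# Constructed sample runlevel directory (priorities chosen for illustration).
make_sample_rcdir() {
    d=$(mktemp -d) || return 1
    touch "$d/S08iptables" "$d/S10network" "$d/S99local"
    echo "$d"
}

sample=$(make_sample_rcdir)
fw_before_net "$sample" iptables network || true  # saved rules via init.d
fw_before_net "$sample" local network || true     # script called from rc.local
rm -rf "$sample"
```

On a real host, point `fw_before_net` at the directory for the default runlevel and pass the name of whichever service actually loads the rules.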