Firewall configuration for Fedora 16

Anthony de Boer adb-SACILpcuo74 at public.gmane.org
Sun Jun 3 02:34:01 UTC 2012


Lennart Sorensen wrote:
> Personally I highly recommend shorewall as a way cleaner way to manage
> iptables than doing it manually.  It just makes things so much simpler
> to deal with and easier to get an overview of.

I got my baptism-by-fire with the 800-line iptables ruleset from hell
on one of the routers at a previous job, so a basic ruleset really
doesn't have enough horror to scare me anymore.

My previous boss used to call me a complete nobody: "Nobody understands
iptables", or another time "Nobody uses the command line anymore".

OpenBSD firewall rules are fun too; I told the box to "pass out quick on
$cheap_gin", though actually cheap_gin was a macro for "rl0 tagged OK
keep state".

But the tech world is big enough that having general information and
a grasp of a high-level tool in a lot of areas is really all there's
time for; we have to pick and choose our battles going in under the
hood in specific areas and finding out more than we ever wanted to
know about some particular topic.  And in most places I'd rather read
or write a bit of config that's short and sweet and to the point and
not have to parse through reams of boilerplate to see what bits are
unusual this time.

-- 
Anthony de Boer
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists




