Firewall configuration for Fedora 16

Ben Walton bdwalton-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Sun Jun 3 12:21:44 UTC 2012


> I will look into using shorewall and cfengine as well. However, I prefer the
> raw tools.

I'm with Anthony on this one.  Understanding the raw rules is great
and you should definitely have some familiarity with them.  I don't
have the time to manually write all of the complex rules I need
though, so shorewall is a good compromise for me.  As a learning tool,
you could use the compile mode that shorewall offers to inspect the
raw iptables commands that are generated.  And when using shorewall as
a live firewall, iptables -L (or shorewall show) give you a nicely
segrated rule set that is easy to digest as well.  (It makes heavy use
of _tables_ which most manual firewall configs don't.)

Anyway, don't give up on learning the raw rules, just make sure you
use your time wisely. :)

Thanks
-Ben
-- 
---------------------------------------------------------------------------------------------------------------------------
Ben Walton <bdwalton-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>

Take the risk of thinking for yourself.  Much more happiness,
truth, beauty and wisdom will come to you that way.

-Christopher Hitchens
---------------------------------------------------------------------------------------------------------------------------
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list