Firewall configuration for Fedora 16

Lennart Sorensen
Mon Jun 4 17:57:14 UTC 2012


On Sat, Jun 02, 2012 at 10:34:01PM -0400, Anthony de Boer wrote:
> I got my baptism-by-fire with the 800-line iptables ruleset from hell
> on one of the routers at a previous job, so a basic ruleset really
> doesn't have enough horror to scare me anymore.
> 
> My previous boss used to call me a complete nobody: "Nobody understands
> iptables", or another time "Nobody uses the command line anymore".
> 
> OpenBSD firewall rules are fun too; I told the box to "pass out quick on
> $cheap_gin", though actually cheap_gin was a macro for "rl0 tagged OK
> keep state".
> 
> But the tech world is big enough that having general information and
> a grasp of a high-level tool in a lot of areas is really all there's
> time for; we have to pick and choose our battles going in under the
> hood in specific areas and finding out more than we ever wanted to
> know about some particular topic.  And in most places I'd rather read
> or write a bit of config that's short and sweet and to the point and
> not have to parse through reams of boilerplate to see what bits are
> unusual this time.

I know how iptables works, and I can look at the results of what shorewall
does to make sure it is what I wanted, but I sure do appreciate not
having to do all that boring work myself.

-- 
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists




