[TriLUG] FYI - nice firewall software

Benjamin Reed ranger at befunk.com
Sat Feb 23 14:04:22 EST 2002


I've finished setting up a package I found called "Shorewall" on 2
different Linux boxes now, and I've gotta say, it's quite amazing.  It's
basically based on a "zone" system, where you define a set of zones (say
"local", "internet", and "dmz").  Then, you define your default
policies, like "allow all local to network traffic", "disallow all
firewall to local traffic", etc.  And then you can define a set of rules
to override those default policies, such as "accept connections from the
internet zone to the local zone on port 80".

The config files are incredibly readable, but it still gives you a very
deep amount of control, down to configuring source-nat port forwards
with a single line and other neat stuff.

It's at http://www.shorewall.net/ -- if you're interested in upgrading
to iptables for proper stateful firewalling, it's definitely a nifty
tool...

It's not as simple as, say, pmfirewall, but it's considerably more
powerful and editable.

-- 
Ben Reed a.k.a. Ranger Rick (ranger at befunk.com)
http://defiance.dyndns.org/ / http://radio.scenespot.org/
...if humanoids eat chicken, then obviously they'd eat their own
species.  Otherwise they'd just be picking on the chickens. -- Kryten
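
The zone / default policy / rule layering described in the post above, as an added example that is not part of the original message and is not Shorewall's code or file format. The zone names "local", "internet" and "dmz" come from the post; the "firewall" zone name, the two catch-all policies and the shadowed() check are assumptions made for illustration.

```python
# Simplified model of zone-based filtering: rules are exceptions checked
# first, default policies are checked next (first match wins).
# The "firewall" zone name and the catch-all entries are assumptions.
from typing import NamedTuple

class Conn(NamedTuple):
    src: str    # source zone
    dst: str    # destination zone
    proto: str
    dport: int

# Default policies: (source zone, destination zone, action); "all" is a wildcard.
POLICIES = [
    ("local", "internet", "ACCEPT"),   # "allow all local to network traffic"
    ("firewall", "local", "REJECT"),   # "disallow all firewall to local traffic"
    ("internet", "all", "DROP"),       # assumed: nothing unsolicited from outside
    ("all", "all", "REJECT"),          # assumed catch-all, must stay last
]

# Rules override the policies for one specific kind of connection.
RULES = [("ACCEPT", Conn("internet", "local", "tcp", 80))]

def covers(pattern, zone):
    return pattern in ("all", zone)

def decide(conn, rules=RULES, policies=POLICIES):
    """Return (action, reason) for a new connection between two zones."""
    for action, match in rules:
        if match == conn:
            return action, "rule"
    for src, dst, action in policies:
        if covers(src, conn.src) and covers(dst, conn.dst):
            return action, "policy"
    return "DROP", "implicit"          # nothing matched: fail closed

def shadowed(policies=POLICIES):
    """Policies that can never match because an earlier entry covers them."""
    out = []
    for i, (src, dst, _) in enumerate(policies):
        if any(covers(es, src) and covers(ed, dst) for es, ed, _ in policies[:i]):
            out.append((src, dst))
    return out

if __name__ == "__main__":
    print(decide(Conn("internet", "local", "tcp", 80)))   # the port 80 exception
    print(decide(Conn("internet", "local", "tcp", 22)))   # falls to the policy
```

shadowed() is the ordering check worth running before loading any policy list of this shape: a wildcard entry placed above a specific one silently disables it.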


