> You could get something close to Zone Alarm (minus the application
> permissions stuff) with a very short iptables script which set the
> policies for INPUT and FORWARD to DROP, and OUTPUT to ACCEPT, and adding
> a couple of rules for allowing related and established connections on
> the INPUT chain. I'm sure there are basic HOWTOs on this floating
> around - google for something like "iptables introduction" and you
> should find some good hits.

Actually, that's sort of what the "firestarter" (and probably the other firewall packages?) does - it generates a control script with a bunch of "iptables" entries. And, you're right, there are plenty of sample scripts, etc. available. But thus far, it's the application permissions (and some of the logging) that escapes me.

The problem is, I'm lazy and would rather find something already implemented, if possible. But if no such thing exists, I'll eventually hack something together. (Which defines the real issue: how do I prove that no such thing exists? Didn't Aristotle have something to say about that??)
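
The ruleset described in the quoted message, as an added example that is not from either poster or from firestarter: a shell function that emits it in `iptables-restore` format, plus a rate-limited LOG rule for the logging mentioned in the reply. The function name `emit_ruleset`, the loopback rule, the `5/min` limit and the default prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: default-deny inbound policy as described in the thread.
# Nothing is applied unless the script is called with "apply" as root.

# emit_ruleset [log_prefix]   (hypothetical helper name)
emit_ruleset() {
    prefix=${1:-fw-drop: }
    # The LOG target accepts a prefix of at most 29 characters.
    if [ "${#prefix}" -gt 29 ]; then
        echo "log prefix longer than 29 characters" >&2
        return 1
    fi
    # A double quote would break the quoting of the generated rule.
    case $prefix in
        *\"*) echo "log prefix must not contain a double quote" >&2
              return 1 ;;
    esac
    cat <<EOF
*filter
# Policies: drop inbound and forwarded traffic, allow outbound.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Assumption: local services talk to each other over loopback.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened (related and established).
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Everything else falls through to the DROP policy; log it first,
# rate-limited so a scan cannot flood the kernel log.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "$prefix"
COMMIT
EOF
}

if [ "${1:-}" = "apply" ]; then
    # iptables-restore replaces the current contents of the filter table.
    rules=$(emit_ruleset "${2:-fw-drop: }") &&
        printf '%s\n' "$rules" | iptables-restore
fi
```

This covers only the packet-filter half of the comparison; it does nothing per application, which is the part the reply says is still missing.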