On Sat, Mar 03, 2007 at 08:08:36AM +0000, David Hart wrote:
>
> If you need to manage a half-dozen zones the chances are that you'll
> be doing packet filtering on specialized hardware so shorewall will
> be of no use.
>

Well, chances are you don't know what you are talking about. Please go look at some of the shorewall mailing list archives. People implement some very complex configurations with shorewall. Besides, shorewall also allows you to do some neat things like have a layer-2 bridge that also does layer-3 filtering very easily. Doing layer-3 filtering in a layer-2 device is technically a violation of the network model, but is very handy nonetheless.

Regards,

-Roberto

--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com