* Steve Lamb ([EMAIL PROTECTED]) wrote:
> > enough. What isn't it covering? How do I know?)
>
> Uh, by testing? It is far easier to set something up and test it than it
> is to learn the whole freakin' system from scratch. From what I've seen of
> your setup Shorewall would handle it trivially. Define 4 interfaces, define
> policy for those interfaces, define rules for which you need exceptions to
> policy. Done.
>

I beg to differ. When I installed Shorewall, it gave some not-very-comprehensible options, and then did not give me what I wanted or needed. Nothing was going to get in, but it managed to prevent me from getting out, mis-assigned the interfaces, and was generally a PITA. I wiped it, and went back to adapting what I knew from ipchains. It wasn't easy at first to work directly from iptables, but once you wrap your head around the concepts, and have a look at scripts done by other people, it goes fairly well.

Cam

--
Cam Ellison Ph.D. R.Psych.
From Roberts Creek on B.C.'s incomparable Sunshine Coast
cam(at)ellisonet(dot)ca
camellison(at)dccnet(dot)com
cam(at)fleuryassociates(dot)com