> > That's all I'm going to say in the face of all this needlessly insulting
> > behaviour.
>
> Holly, I have not nor do I intend to insult or constipate anyone.
> Sincere apologies. However, I find this very strange that published
> rulesets do not exist for iptables/netfilter, for simple and common
> things like a home-office router with (3) nics, including LAN, WAN
> and DMZ with optional web and dns(internal) servers. If you find my
> sharing these thoughts with you, and the 50 times I've had to write
> that I'm interested in iptables/netfilters and not shorewall, then
> I think you are a bit too sensitive about divergent opinions.

Up to now I haven't really wanted to have someone bounced from the list; but your lack of sensitivity and generally insulting manners make you the first obvious candidate for such a bouncing.

> > Good morning, this is the general users list. If you want the security
> > experts, try
> >
> >     gentoo-security   For the discussion of security issues and fixes
> >     gentoo-hardened   For a security hardened version of Gentoo
>
> You mean I have to go to this group to find detailed documentation
> in iptables/netfilter rulesets that are indeed secure, published,
> and used in more than one place?

Why do you think that iptables/netfilter is exclusive to gentoo? It is a general linux question; iptables is not a product of gentoo.

There are no such published, shared rule sets because each site has its own security requirements and places different priorities upon the rules. Some will prioritize the connection tracking rules above the service rules (to optimize outbound active connections over new service connections) whilst others will prioritize them in the opposite direction. And the services themselves can be prioritized differently.

If you really want the down and dirty on iptables, go out and buy "Linux Firewalls" by Ziegler and Constantine. It describes every nook and cranny of iptables.

In the meantime, welcome to my kill file.

--
gentoo-user@gentoo.org mailing list
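The ordering choice described in the reply (connection-tracking rule before or after the service rules) for the three-NIC LAN/WAN/DMZ router asked about in the quoted message, as an added example that is not part of the thread. The script prints the iptables commands instead of executing them so the order can be reviewed before applying; interface names, subnets and the web/DNS host addresses are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) an iptables
# FORWARD ruleset for a three-NIC router with LAN, WAN and DMZ, where the
# DMZ holds a web server and an internal DNS server. Interface names,
# subnets and host addresses below are assumed placeholders.
LAN_IF=eth0; WAN_IF=eth1; DMZ_IF=eth2
LAN_NET=192.168.1.0/24
DMZ_WEB=192.168.2.10
DMZ_DNS=192.168.2.20

# Service rules: which NEW connections may be forwarded between zones.
service_rules() {
  echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT"
  echo "iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -p tcp -d $DMZ_WEB --dport 80 -m conntrack --ctstate NEW -j ACCEPT"
  echo "iptables -A FORWARD -i $LAN_IF -o $DMZ_IF -p tcp -d $DMZ_WEB --dport 80 -m conntrack --ctstate NEW -j ACCEPT"
  echo "iptables -A FORWARD -i $LAN_IF -o $DMZ_IF -p udp -d $DMZ_DNS --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
}

# Connection-tracking rule: replies and follow-on packets of connections
# that were already accepted by one of the service rules.
conntrack_rule() {
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# emit_ruleset conntrack-first|services-first
# Both orderings accept exactly the same traffic; they differ in how many
# rules the bulk of packets (those of established flows) walk past before
# matching, versus how quickly a NEW connection to a service is accepted.
emit_ruleset() {
  echo "iptables -P FORWARD DROP"
  echo "iptables -F FORWARD"
  echo "iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP"
  case "$1" in
    conntrack-first) conntrack_rule; service_rules ;;
    services-first)  service_rules; conntrack_rule ;;
    *) echo "usage: emit_ruleset conntrack-first|services-first" >&2; return 2 ;;
  esac
}

# Rule number (as iptables -L FORWARD --line-numbers would show it) of the
# ESTABLISHED,RELATED rule for a given ordering.
conntrack_position() {
  emit_ruleset "$1" | grep '^iptables -A FORWARD' | grep -n 'ESTABLISHED,RELATED' | cut -d: -f1
}

# Number of -A FORWARD rules emitted; identical for both orderings.
forward_rule_count() {
  emit_ruleset "$1" | grep -c '^iptables -A FORWARD'
}

# Print the chosen ordering (default: connection tracking first). Pipe the
# output into sh once reviewed, or diff the two orderings side by side.
emit_ruleset "${1:-conntrack-first}"
```

Run as `sh ruleset.sh services-first` to see the alternative ordering; the accepted traffic set is the same either way, which is exactly why no single "published" ordering fits every site.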