> -----Original Message-----
> From: Dave Nebinger [mailto:[EMAIL PROTECTED] 
> Sent: 08 September 2005 17:42
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] Re: iptables example on Gentoo
> 
[snip] 
> It does generate iptables rules, but they are customized for shorewall's
> purposes.  For example, my shorewall setup builds the following iptables
> rules:
> 
> # Generated by iptables-save v1.3.2 on Thu Sep  8 12:32:48 2005
> *nat
> :PREROUTING ACCEPT [34942:3100331]
> :POSTROUTING ACCEPT [106864:7597940]
> :OUTPUT ACCEPT [106858:7597722]
> :net_dnat - [0:0]
> :w1ad_masq - [0:0]
> -A PREROUTING -i w1ad -j net_dnat
> -A POSTROUTING -o w1ad -j w1ad_masq
> -A net_dnat -p udp -m multiport --dports 

What are the "[34942:3100331]" and "[106864:7597940]" references above?

> These are all valid rules and are constructed by shorewall.  Would they be
> the same if I hand-coded them?  Absolutely not.  I wouldn't have so many
> custom chains and would probably reorder the rules to give priorities to
> specific services.
> 
> And, I would argue that whilst these rules are valid and do perform the
> firewall chores that I want/need, the format of the rules would leave a lot
> to be desired to try to maintain manually via the command line.

If I understand this right:  Shorewall, firehol, fwbuilder, etc.,
'just-works', but it kludges the iptables?  Some of these 'helpers' may
also require you to learn some additional scripting format other than
the conventional iptables.  I guess that's similar to using some HTML
WYSIWYG instead of hand coding it yourself.
-- 
Regards,
Mick

-- 
gentoo-user@gentoo.org mailing list
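
An added example, not part of the original thread: a small parser for the iptables-save format quoted above. It reads each `:CHAIN POLICY [packets:bytes]` line as a chain declaration with its packet and byte counters, marks chains whose policy is `-` as user-defined (such as shorewall's `net_dnat`), and records which chains jump into them. The function name and the sample text (the complete quoted lines plus a closing `COMMIT`) are constructed for illustration.

```python
import re

# Constructed sample: the complete lines of the *nat table quoted above
# (the truncated multiport rule is left out) plus the closing COMMIT.
SAMPLE = """\
# Generated by iptables-save v1.3.2 on Thu Sep  8 12:32:48 2005
*nat
:PREROUTING ACCEPT [34942:3100331]
:POSTROUTING ACCEPT [106864:7597940]
:OUTPUT ACCEPT [106858:7597722]
:net_dnat - [0:0]
:w1ad_masq - [0:0]
-A PREROUTING -i w1ad -j net_dnat
-A POSTROUTING -o w1ad -j w1ad_masq
COMMIT
"""

CHAIN_RE = re.compile(r"^:(\S+) (\S+) \[(\d+):(\d+)\]$")
COUNTER_RE = re.compile(r"^\[\d+:\d+\] ")   # per-rule counters from "iptables-save -c"

def parse_iptables_save(text):
    """Return {table: {"chains": {name: info}, "jumps": [(from, to), ...]}}."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = COUNTER_RE.sub("", raw.strip())
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):            # "*nat" opens a table
            current = tables.setdefault(line[1:], {"chains": {}, "jumps": []})
            continue
        if current is None:
            raise ValueError(f"line outside a table: {line!r}")
        m = CHAIN_RE.match(line)
        if m:                               # ":NAME POLICY [packets:bytes]"
            name, policy, pkts, nbytes = m.groups()
            current["chains"][name] = {
                "builtin": policy != "-",   # user-defined chains have policy "-"
                "policy": None if policy == "-" else policy,
                "packets": int(pkts),
                "bytes": int(nbytes),
            }
        elif line.startswith("-A "):        # "-A CHAIN ... -j TARGET"
            words = line.split()
            if "-j" in words[:-1]:
                target = words[words.index("-j") + 1]
                if target in current["chains"]:   # jump into a declared chain
                    current["jumps"].append((words[1], target))
    return tables
```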
