On Tue, Aug 18, 2009 at 06:17:47PM -0500, Dan Farrell wrote

> I too am a minimalist but I think you've got iptables misidentified.
> It has lots of features; that's not the same as saying it's bloated.
> More like the linux kernel (and in fact it _is_, as others have said,
> the linux kernel) - it supports a lot of different functionality. If
> you don't want a particular capability, disable it in the kernel.

Alan and Dan, I can set rules OK. My problem is figuring out which
capabilities to build or not build in order to create a firewall. I.e. I
need a menuconfig guide, not an iptables rules front end.

> If you want a quick firewall setup, use
> http://spore.ath.cx/~dan/doc/home-firewall.html. It's what I use and
> my step by step guide should save you a bit of effort.

OK, I'll follow your section listing for most of the necessary menuconfig
items, but I'll drop the NAT support. Is there any reason you build
modules rather than directly into the kernel?

Last minute addendum; saying "No" to

[ ] Advanced netfilter configuration

greatly reduces the number of options showing up. I think this is what I
was looking for.

--
Walter Dnes <waltd...@waltdnes.org>