>> Wouldn't it be easier, cheaper and wiser to ditch Shorewall and either
>> manually edit the iptables scripts to allow for either ports to be
>> opened or ports to be closed?
>> Initially learning the basics to ipchains or iptables is a great thing
>> for anyone to KNOW - as it is their "city wall" - and knowing where
>> breaches in this wall are, or where to create strategic breaches is
>> something I would suggest to everyone that has a *nix box.

I agree.  I have read over the IP Tables info ever since NetFilter started
and it's the first thing that I disable/uninstall on a box.  If I want it
then I install a new kernel with it built in and then do the config
manually.
There can't be anything said for doing the GUI vs scripting when it comes
down to knowing what the hell is going on.

>> Aside from learning the basics to ipchains/iptables, you also start to
>> encompass the simplicity of ip masquerading - otherwise known in the M$
>> world as "internet connection sharing" and how that can be used to
>> bridge networks - virtual and physical.
>>
>> IF you know what to do and are armed with the knowledge, it takes merely
>> minutes to have your ports opened or closed for whatever reasons - and
>> to have "sharing" turned on - it's truly amazing how simple it is - why
>> do you think M$ has on Win98 thru WinXP? If it was complex, they'd
>> charge for it. Because it's such a simple exercise, though, they've
>> stolen the basics from *nix and added it "as a feature".

I agree.  Even including Cisco routers.  My roommate has a Cisco 2500 up
and running and always has to consult me on wtf his rules are doing for
his ACLs b/c he doesn't understand the basics of his rules.  Why he has a
Cisco router up instead of me using my p266 when I KNOW IPTables?  He needs
to learn Cisco for certs....

Rob

