Wolfgang Rosenauer wrote: > Hi, > Hi, > for smaller installations (using a Linux gateway) I used to use > SuSEfirewall2 which basically has everything I needed so far. > > Now I'd something for another usecase: > An old Linux gateway (with SuSEfirewall) got a hardware gateway in front > of it now which blocks traffic from outside. So there is no need anymore > to do extensive filtering and also masquerading on the old gateway while > it's still there as kind of second stage hiding the internal network > behind it. > Now I still need to control which traffic is allowed from the inside to > the internet which was done via FW_MASQ_NETS in SF2. > Since I want to get rid of a second masquerading, SuSEfirewall has no > mechanism to control this traffic anymore. > > Now I could write all iptables rules on my own (which is possible but > I'm kind of lazy in that case) but I wonder if there is no other simple > iptables "generator" outside which does it already. > > I plan to look at shorewall but thought I'd just ask here for > recommendations. Also try Firewall Builder at http://www.fwbuilder.org/ Since the v2.1.12 version, is able to import your existing iptables configurations, witch is a nice thing to upgrade your existing machines as well. Also has an excellent GUI.
> > Thanks, > Wolfgang -- Rui Santos http://www.ruisantos.com/ Veni, vidi, Linux! -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]