
Re: Steves genfw firewall script...



On Tue, Apr 15, 2003 at 02:44:11AM +0000, mike808@users.sourceforge.net wrote:
> Steve's pretty much it for your support options if you insist on using
> genfw. I'm not knocking it, I'm sure it's useful to Steve.

It is.  Quite.

My script has two things going for it.  First, it makes configuration
of a basic firewall about as simple as it can possibly be.  In
William's case, his /etc/sysconfig/genfw/rules will probably look
something like this:

    int eth0 trusted nat
    out eth1

Second, while the rules on a complex firewall are going to get, well,
complex quite quickly, using my script is usually as simple as just
adding another line to the rules file for each interface.  The script
handles the rest.  (I have one box with 26 network interfaces not
including lo where genfw generates 8410 iptables commands.  The rules
file is 30 lines long.)

I've been using genfw for client firewalls for a couple of years now.
Granted, the maybe half-dozen people that I'm aware of using it aren't
a *huge* user base, but so far it seems to work well for everyone...

> Oh, and there's RPMs available too.

Ditto for my stuff.  :-)  (And it is in the kspei apt repository,
although not this latest version until it gets some testing.)

Steve
-- 
steve@silug.org           | Southern Illinois Linux Users Group
(618)398-7360             | See web site for meeting details.
Steven Pritchard          | http://www.silug.org/
