
Re: Steves genfw firewall script...



> On Tue, Apr 15, 2003 at 02:44:11AM +0000, mike808@users.sourceforge.net wrote:
> > Steve's pretty much it for your support options if you insist on using
> > genfw. I'm not knocking it, I'm sure it's useful to Steve.
> 
> It is.  Quite.
> 
> My script has two things going for it.  First, it makes configuration
> of a basic firewall about as simple as it can possibly be.

I found Shorewall's configs just as easy to set up a default installation.
Tom even provides sample config settings for a 1, 2, and 3 NIC setup.
Although a 1-NIC firewall isn't very interesting per se. And there
are examples and how-tos to make it simple for some not-so-simple tasks
like setting up a VPN using IPsec tunnels or virtual interfaces.

> Second, while the rules on a complex firewall are going to get, well,
> complex quite quickly, using my script is usually as simple as just
> adding another line to the rules file for each interface.

Same for Shorewall (although he abstracts NICs into "zones", and you
add another line in the rules file for a zone).

> The script handles the rest.

As does Shorewall (which is a shell script, too).

> I've been using genfw for client firewalls for a couple of years now.
> Granted, the maybe half-dozen people that I'm aware of using it aren't
> a *huge* user base, but so far it seems to work well for everyone...

Well, since Mandrake includes Shorewall as its firewall tool in MDK9.0 and
the new MDK9.1, I'd have to say that's *a lot* more eyeballs on the code
and a much bigger user base. And there's even a Webmin module for folks
that like that sort of thing (although it's pretty rudimentary now).

Like I said, I'm sure it works great for Steve. I just prefer a more robust
tool that is simple to understand, is well documented, widely used, has
a very active community surrounding it, and still scales to handle the
really, really hairy configurations - without losing its understandability.
And it's that last part that makes Shorewall really stand out.

And did I mention the extensive documentation that explains what it is that
your firewall is doing, not just various options and settings?

http://www.shorewall.net/

Mike808/
