[Centos] Messing around with iptables
Eric Sorenson
ahpook at gmail.com
Fri Aug 27 17:49:59 UTC 2004
Sorry chiming in a bit late, but the best iptables scripting tool I've found is firehol: http://firehol.sf.net/

It's actively maintained, makes really tight rules, and provides the right level of abstraction for making obvious what you intend the firewall to do without getting bogged down in the arcana of either a scripting language or iptables. It's especially useful for iptables machines where there's more than one person maintaining the firewall because it keeps the "What the hell were they thinking?!" factor down to a minimum.

And, obviously, if you're just getting started in firewalling it's far better to have something you can understand and make small modifications to, rather than blindly ginning up iptables rules -- a bad firewall is worse than no firewall because it gives you a false sense of security. Firehol's "explain" mode prints out the rules it *would* generate for a given directive to help you understand iptables.

And, while we're on the subject, I would be remiss if I didn't include a link to a very helpful diagram for understanding iptables: http://l7-filter.sourceforge.net/PacketFlow.png

Cheers
-=Eric
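As an added illustration of the two points Eric makes (a firewall you can read and modify in small steps, and an "explain" mode that shows the rules before they are applied), here is a small default-deny iptables script with a dry-run switch. This is example code written for this page; it is not from the original post and is not firehol or firehol's output. The interface name, the admin network, the allowed ports and the `EXPLAIN` variable are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not from the original post, not firehol): a readable,
# stateful default-deny host firewall with a dry-run "explain" mode that
# prints every iptables command it would run instead of executing it.
# All interface names, networks and ports below are assumed placeholders.

IFACE="${IFACE:-eth0}"                 # assumed external interface
SSH_FROM="${SSH_FROM:-192.0.2.0/24}"   # constructed admin network (RFC 5737 range)
IPTABLES="${IPTABLES:-/sbin/iptables}" # assumed binary path
EXPLAIN="${EXPLAIN:-1}"                # 1 = print rules only, 0 = really apply them

# rule: print (explain mode) or execute one iptables invocation
rule() {
    if [ "$EXPLAIN" = 1 ]; then
        printf '%s %s\n' "$IPTABLES" "$*"
    else
        "$IPTABLES" "$@"
    fi
}

# build_rules: the complete, ordered ruleset; order matters because the
# first matching rule wins and the chain policy handles the remainder
build_rules() {
    # start clean and deny inbound/forwarded traffic by default
    rule -F
    rule -X
    rule -P INPUT DROP
    rule -P FORWARD DROP
    rule -P OUTPUT ACCEPT
    # loopback and replies to connections this host opened are always allowed
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # packets that belong to no known connection are dropped early
    rule -A INPUT -m state --state INVALID -j DROP
    # the only new inbound connections accepted: SSH from the admin net, HTTP from anywhere
    rule -A INPUT -i "$IFACE" -p tcp --dport 22 -s "$SSH_FROM" -m state --state NEW -j ACCEPT
    rule -A INPUT -i "$IFACE" -p tcp --dport 80 -m state --state NEW -j ACCEPT
    # rate-limited log of whatever falls through, then the DROP policy applies
    rule -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
}

# count_rules: number of iptables invocations the ruleset would issue
count_rules() {
    ( EXPLAIN=1; build_rules ) | wc -l | tr -d ' '
}

# accepts_service PORT: succeeds if the ruleset opens TCP PORT for NEW connections
accepts_service() {
    ( EXPLAIN=1; build_rules ) | grep -q -- "--dport $1 .*--state NEW -j ACCEPT"
}

# Run: with the default EXPLAIN=1 this only prints the rules; EXPLAIN=0 applies them.
build_rules
```

Review the printed output first; only when every line reads as intended should the script be rerun with `EXPLAIN=0`. Adding a service means one more readable `rule -A INPUT ... --state NEW -j ACCEPT` line, which keeps the "what were they thinking" factor low for the next maintainer.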