[CentOS] Re: Firewall frustration

Tom Diehl tdiehl at rogueind.com
Mon Dec 31 16:03:26 UTC 2007


On Mon, 31 Dec 2007, Robert Moskowitz wrote:

> Well FWbuilder is NOT easy.

I disagree but to each his own.

> The documentation does not match the current GUI.

I have not looked at the docs lately, but Vadam used to be pretty good at
keeping the docs updated. There is also a mailing list you can subscribe to.
As long as you ask intelligent questions you will usually get good answers.

>  Now the box is locked up.  I will have to pull it again, hook it up to 
> a kybd/VGA and reset iptables....

To prevent that in the future, set the management IP address on the firewall
object. That way fwbuilder will always allow ssh access from that machine no
matter how bad you hose the rules.

Keep in mind that any of the firewall management systems mentioned can/will also
lock you out if misconfigured.

>
> Maybe Shoreline with webmin....
>
> Problem is I want a REAL router/firewall with little work.  Both public and 
> private nets have routable addresses.  No NATing for me!  I just help write 
> the RFC ;)  And all the templates for fwbuilder want you to be using NATing.
>
> Perhaps I should just set up another Astaro firewall.  I have been using 
> Astaro since v3, so I am comfortable with it....

Why reinvent the wheel? Use what you are comfortable with. For me that is
fwbuilder but for you that sounds like it is Astaro.

Regards,

-- 
Tom Diehl		tdiehl at rogueind.com		Spamtrap address mtd123 at rogueind.com
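An added example, not part of the original message and not fwbuilder's own code: a pre-flight check that reads `iptables-save` style output and confirms that new ssh connections from the management address are accepted before any rule or chain policy can drop them. The names `ssh_survives` and `_verdict`, the address 192.0.2.10 and the sample ruleset are constructed for illustration, and the rule shape is an assumption rather than fwbuilder's literal output.

```python
import ipaddress
import shlex

def _verdict(tokens, src, port):
    """Verdict of one rule for a NEW tcp packet from src; None if it does not apply."""
    target, matches, certain = None, True, True
    it = iter(tokens)
    for tok in it:
        if tok == "-j":
            target = next(it)
        elif tok == "-s":
            matches &= src in ipaddress.ip_network(next(it), strict=False)
        elif tok == "-p":
            matches &= next(it) in ("tcp", "6", "all")
        elif tok == "--dport":
            lo, _, hi = next(it).partition(":")
            matches &= int(lo) <= port <= int(hi or lo)
        elif tok in ("--state", "--ctstate"):
            matches &= "NEW" in next(it).split(",")
        elif tok in ("-m", "--comment"):
            next(it)  # module name or comment text: no effect on matching
        else:
            certain = False  # option not modelled here (-i, "!", ...)
    # Conservative: a negated rule is assumed to match the packet.
    if target not in ("ACCEPT", "DROP", "REJECT") or not (matches or "!" in tokens):
        return None
    # An ACCEPT only counts when every option on the rule was understood.
    return target if (certain or target != "ACCEPT") else None

def ssh_survives(ruleset, mgmt_ip, port=22):
    """True if the filter INPUT chain accepts a new ssh connection from mgmt_ip."""
    src, policy, in_filter = ipaddress.ip_address(mgmt_ip), "ACCEPT", False
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif in_filter and line.startswith("-A INPUT "):
            verdict = _verdict(shlex.split(line)[2:], src, port)
            if verdict:
                return verdict == "ACCEPT"  # first applicable rule decides
    return policy == "ACCEPT"

# Constructed sample in iptables-save format (192.0.2.10 = management host).
SAMPLE = """*filter
:INPUT DROP [0:0]
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
COMMIT
"""
```

Running `ssh_survives` on a candidate ruleset before loading it on a remote box flags the lockout case while there is still a session to fix it from.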


