[CentOS] Firewall frustration
John R Pierce
pierce at hogranch.comMon Dec 31 17:03:35 UTC 2007
- Previous message: [CentOS] Firewall frustration
- Next message: [CentOS] Firewall frustration
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Robert Spangler wrote: > While IPTABLES might be CHEAP (price) it is a very good firewall. > Learn to set it up from the command line, it isn't that hard. > Try the following to learn it; > > http://iptables.rlworkman.net/chunkyhtml/index.html > > Forget those GUI interfaces. > > one thing that bugs me about most canned iptables rulesets, including the ones generated by most of those GUI packages, is that they are way more complex than needed, its like they are trying to reinvent the entire tcp stack. eg: you really don't need to reject non-SYN packets on unopened connections, tcp will do that quite nicely on its own and far more efficiently than a pile of iptables rules.
- Previous message: [CentOS] Firewall frustration
- Next message: [CentOS] Firewall frustration
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list