[CentOS] Firewall frustration

Mon Dec 31 17:03:35 UTC 2007
John R Pierce <pierce at hogranch.com>

Robert Spangler wrote:
> While IPTABLES might be CHEAP (price) it is a very good firewall.
> Learn to set it up from the command line, it isn't that hard.
> Try the following to learn it;
>
> http://iptables.rlworkman.net/chunkyhtml/index.html
>
> Forget those GUI interfaces.
>
>

One thing that bugs me about most canned iptables rulesets, including 
the ones generated by most of those GUI packages, is that they are way 
more complex than needed; it's like they are trying to reinvent the 
entire TCP stack.   E.g., you really don't need to reject non-SYN packets 
on unopened connections; TCP will do that quite nicely on its own and 
far more efficiently than a pile of iptables rules.
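As an added illustration of the point above (this is not part of the original thread and not anyone's posted ruleset), here is a minimal stateful INPUT policy in iptables-restore format. The interface name, the accepted ports and the use of `-m state` (the syntax current on CentOS 5 in 2007; `-m conntrack --ctstate` is the modern equivalent) are assumptions. The non-SYN rule is shown commented out: under a default DROP policy, a TCP packet without SYN that matches no tracked connection is never ESTABLISHED or RELATED, so it falls through to the chain policy and is dropped without any extra rule.

```iptables
# Added example (constructed, not from the mailing list). Load with:
#   iptables-restore < minimal.rules
# and inspect with:
#   iptables -L INPUT -n -v
*filter
# Default deny inbound and forwarded traffic; allow outbound.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Loopback is always allowed.
-A INPUT -i lo -j ACCEPT

# Replies to connections this host opened, plus related traffic
# (e.g. ICMP errors, FTP data). This one rule is the stateful core.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Packets conntrack cannot classify (bad sequence numbers, stray
# RSTs): drop explicitly so they never reach the port rules below.
-A INPUT -m state --state INVALID -j DROP

# New inbound connections to the services this host exposes.
# The ports are assumed for the example.
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT

# Allow ping.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Redundant under the policy above: a non-SYN packet that is not part
# of a tracked connection is NEW (or INVALID) and already hits DROP.
# -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

COMMIT
```

Practical caveat: with `:INPUT DROP` as the policy, loading a broken ruleset over SSH locks you out of the box, so test it at the console (or schedule `iptables-restore` of a known-good file a few minutes later) before applying it remotely.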