On Mon, 31 Dec 2007, Robert Moskowitz wrote: > Well FWbuilder is NOT easy. I disagree but to each his own. > The documentation does not match the current GUI. I have not looked at the docs lately, but Vadam used to be pretty good at keeping the docs updated. There is also a mailing list you can subscribe to. As long as you ask intelligent questions you will usually get good answers. > Now the box is locked up. I will have to pull it again, hook it up to > a kybd/VGA and reset iptables.... To prevent that in the future set the managment ip address on the firewall object. That way fwbuilder will always allow ssh access from that machine no matter how bad you hose the rules. Keep in mind that any of the firewall managment systems mentioned can/will also lock you out if misconfigured. > > Maybe Shoreline with webmin.... > > Problem is I want a REAL router/firewall with little work. Both public and > private nets have routable addresses. No NATing for me! I just help write > the RFC ;) And all the templates for fwbuilder want you to be using NATing. > > Perhaps I should just set up another Astaro firewall. I have been using > Astaro since v3, so I am comfortable with it.... Why reinvent the wheel? Use what you are comfortable with. For me that is fwbuilder but for you that sounds like it is Astaro. Regards, -- Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com