Robert Moskowitz wrote:
> Firewall is up and running.
>
> Used Shorewall with Webmin.
>
> Les Bell wrote:
>> Robert Spangler <mlists at zoominternet.net> wrote:
>>
>> While IPTABLES might be CHEAP (price) it is a very good firewall.
>> Learn to set it up from the command line, it isn't that hard.
>> <<
>>
>> Amen. I've been using CentOS for firewalls here for a long time now, with
>> hand-written rules. Besides, generic firewall configuration tools don't -
>> can't - know about many of the more advanced modules and features of
>> iptables.
> I spent much of the past 24 hours trying to find out how to set up
> iptables for firewall routing WITHOUT NATing. Could not find anything.
>
> So I decided to try out shorewall, which has a front end in Webmin. The
> 'nice' thing about this was as I built a portion of Shorewall (say the
> zones), I could use the Webmin edit the conf file directly to see the
> 'raw' config file and looky there, a URL for a help page!
>
> Taking it slow, I got Shorewall up in about 1 hour.
>
> But I have questions for the Shorewall people. They talk about iptables,
> then netfilter. The site says that Shorewall is not a daemon. Well I see
> a Shorewall service running. Can't see that it is using any cpu cycles or
> how much memory. The iptables have the same content they had when I used
> the upstream's tool at CentOS install time to set up basic 'firewall'
> features. So what gives....

There is also an iptables 'service', that doesn't mean there is a daemon.
It is a simple way to start the firewall at boot time.

Have you checked m0n0wall/pfsense livecd?