On Fri, 7 Aug 2009, James B. Byrne wrote:

> I am setting up a small CentOS-5.3 host to act as a router. I have
> the device configured and working. What I am trying to accomplish
> now is configuring the firewall so as to protect both the router and
> the LAN.

[....]

In the past, I'd have tried to craft the iptables rules by hand. Now,
older and lazier, I rely on shorewall.

Shorewall generally produces pretty good rules. You can "compile" your
logic to iptables rules without implementing them, so you could use
shorewall to generate a set of rules that essentially do what you
want, look them over, and then revise/implement the ones you like.

--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/