On 1/19/2009 8:28 PM, Jun Salen wrote: > I am not familiar with the commands of IPtables so I want use tools on top of it. What do you suggest. Can I make test of it inside CentOS on top of VMWare server with only one LAN inteface? I try to use Pfsense, I believe it has easy to understand GUI but it fails to install on my desktop machine to test, maybe due to hardware comaptibility. Kernel panic during boot even after disabling ACPI. If you have suggestion on tools or template for Iptables to suggest or share, please do. Thank you very much. > Shorewall http://www.shorewall.net/ There are "redhat" RPMs available that work wonderfully on CentOS. It is a pleasant step up from managing the iptables manually. "The Shoreline Firewall, more commonly known as “Shorewall”, is high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities." [1] "Shorewall is not the easiest to use of the available iptables configuration tools but I believe that it is the most flexible and powerful. So if you are looking for a simple point-and-click set-and-forget Linux firewall solution that requires a minimum of networking knowledge, I would encourage you to check out the following alternatives:" [1] * kmyfirewall * firestarter [1] http://www.shorewall.net/Introduction.html