On 05/01/2013 15:25, Ryan Wagoner wrote:
>
> Or don't use CentOS at all and try OpenBSD & PF. The syntax is much
> cleaner and easier to maintain than Netfilter/IPTables and it works pretty
> darn well. ;)
>
> If you want to stick with Linux look at Vyatta. I have 5 production
> installs (3 physical and 3 VMs) and upgrades have been flawless. The config
> resides in one file and the console has a Juniper style syntax.
>

On a similar vein, I use pfsense as a firewall (FreeBSD derivative). It has many features and Web GUI configuration. Seems to really do the trick for me.

I tend to only use the iptables firewall in CentOS for host-based firewalling (basically I only edit the INPUT table); for multi-homed dedicated firewalls (i.e. using the FORWARD'ing table) something like pfsense really does it nicely.

--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles at coochey.net