Robert Spangler wrote:
While IPTABLES might be CHEAP (price) it is a very good firewall. Learn to set it up from the command line, it isn't that hard. Try the following to learn it; http://iptables.rlworkman.net/chunkyhtml/index.html Forget those GUI interfaces.
one thing that bugs me about most canned iptables rulesets, including the ones generated by most of those GUI packages, is that they are way more complex than needed, its like they are trying to reinvent the entire tcp stack. eg: you really don't need to reject non-SYN packets on unopened connections, tcp will do that quite nicely on its own and far more efficiently than a pile of iptables rules.
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
