Re: Firewall frustration




Robert Moskowitz wrote:
Firewall is up and running.

Used Shorewall with Webmin.

Les Bell wrote:
Robert Spangler <mlists@xxxxxxxxxxxxxxxx> wrote:

  While IPTABLES might be CHEAP (price) it is a very good firewall.
Learn to set it up from the command line, it isn't that hard.
<<

Amen. I've been using CentOS for firewalls here for a long time now, with
hand-written rules. Besides, generic firewall configuration tools don't -
can't - know about many of the more advanced modules and features of
iptables.
I spent much of the past 24 hours trying to find out how to set up iptables for firewall routing WITHOUT NATing. Could not find anything.

So I decided to try out Shorewall, which has a front end in Webmin. The 'nice' thing about this was that as I built a portion of Shorewall (say the zones), I could use Webmin to edit the conf file directly to see the 'raw' config file and looky there, a URL for a help page!

Taking it slow, I got Shorewall up in about 1 hour.

But I have questions for the Shorewall people. They talk about iptables, then netfilter. The site says that Shorewall is not a daemon. Well, I see a Shorewall service running. Can't see that it is using any CPU cycles or how much memory. The iptables have the same content they had when I used the upstream's tool at CentOS install time to set up basic 'firewall' features. So what gives....

There is also an iptables 'service'; that doesn't mean there is a daemon. It is a simple way to start the firewall at boot time.

Have you checked m0n0wall/pfsense livecd?

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
