On Tue, 2004-11-02 at 10:15 -0600, Gerry Tool wrote: > Rodolfo J. Paiz wrote: > > >On Mon, 2004-11-01 at 22:38 -0500, Phil Schaffner wrote: > > > > > >>Setting eth0 as a trusted device (comment 33 in BZ 133064) is > >>essentially the same as turning off the firewall if that is your only > >>interface. Good firewall rules would be preferable, unless you REALLY > >>trust your hardware firewall. Which begs the question - what is a good > >>firewall tool for FC3? Have been unable to get firestarter to work. > >>Compiles, but hangs when executed. > >> > >> > >> > > > >Shorewall (www.shorewall.net). Text files to hold configuration, so no > >cute GUI but you do get to access and modify it via SSH. Secure, > >reliable, easy to learn and use, very very powerful. 5-star tool. Well > >supported and documented, even. > > > >Cheers, > > > > > > > Thanks to Phil for the comments and to Rodolfo for the link. I have > decided to go the safe route and have ordered a copy of "Red Hat Linux > Firewalls" by Bill McCarty. I will also try out shorewall. Well, checked out shorewall and it does indeed seem powerful and thoroughly documented, but is overkill for my little home network requirements, plus must admit to having gotten used to the Firestarter cute GUI - a tough admission from an old command-line guy. Anyway, had another look around and found the new 1.0 beta release (Firestarter 0.9.9b3.2) with a .src.rpm. Had previously tried the one from Fedora.US. The rpm builds and seems to work (-: plus it has the cute penguin with the match ;^). Still don't see an option for the LPD port explicitly, but you can at least add services by name or port for individual hosts or networks. May be worth a look. Phil