On Wed, 2004-11-03 at 00:18 -0600, Rodolfo J. Paiz wrote:
> On Tue, 2004-11-02 at 23:53 -0500, Phil Schaffner wrote:
> > Well, checked out shorewall and it does indeed seem powerful and
> > thoroughly documented, but is overkill for my little home network
> > requirements, plus must admit to having gotten used to the Firestarter
> > cute GUI - a tough admission from an old command-line guy.
>
> You are more than welcome to keep Firestarter. No one tool is suitable
> for all tasks. However, should you desire to attempt Shorewall, let me
> offer (from memory, so not 100% guaranteed!) a quick-quick-start:
>
> 1. Create a "net" and a "loc" zone in zones file. Probably already
> there, not much to do. If not there, format is "net Net Internet" and
> "loc Local Local Zone".
>
> 2. Write "eth0 net" and "eth1 loc" lines in interfaces file. Check that
> eth0 is actually your outside interface, adjust to needs. For reference,
> since my Internet access (external) interface gets its address via DHCP,
> mine actually say:
>
> net eth0 detect blacklist,dhcp
> loc eth1 detect
>
... snip ...

Very nice guide to augment quickstart docs. Will pass it on to the admin at work, and may help the OP; although looks like he may have the same single-Ethernet setup I have. For a simple end-user firewall to backup in case any bad guys get through the router, will stick with Firestarter, now that it works again.

Thanks for being so helpful.

Cheers,
Phil