Re: [Hampshire] iptables query

Author: Keith Edmunds
Date:  
To: hampshire
Subject: Re: [Hampshire] iptables query
Life is too short to write iptables rules by hand. We use Shorewall, which
is excellent so long as you're happy with a non-GUI,
configure-by-editing-files tool. I've yet to find anything that it can't
do with iptables; there's excellent documentation, excellent support on
the mailing list, and it is way, way easier to maintain than a list of
iptables commands.

One of our customers has a firewall with ten Ethernet interfaces (seven in
use), five different incoming OpenVPN connections, an L2TP/IPsec VPN, and
lots of access restrictions. The thought of managing that type of firewall
(and there are actually two configured as an HA pair) using raw iptables is
scary. Another customer is a school where there is a simple web interface
to toggle the Internet connectivity of each classroom individually, and if
access is allowed then it can optionally route via DansGuardian. All done
dynamically, again with Shorewall (and ipsets in that case), and again
managing that with raw iptables commands would be a nightmare.

Your problem would be trivial to solve with Shorewall.