keeping some pcs off the net
Warren Togami
warren at togami.com
Thu Sep 6 21:13:58 PDT 2001
I agree with everything said here, except "no one can seem to use it
properly with out this Montha script". This is not entirely accurate.
There are many scripts out there commonly used, some even better than
MonMotha's iptables script.
Just to name a few...
http://freshmeat.net/projects/agt/
http://freshmeat.net/projects/alfandega/
http://freshmeat.net/projects/dynfw/
http://freshmeat.net/projects/easytables/
http://freshmeat.net/projects/endoshield/
http://freshmeat.net/projects/fbuilderplus/
http://freshmeat.net/projects/ferm/
http://freshmeat.net/projects/fwbuilder/
http://freshmeat.net/projects/iptablesfwscript/
http://freshmeat.net/projects/rc.firewall.iptables/
http://freshmeat.net/projects/iptables-tutorial/
http://freshmeat.net/projects/joseph/
This one in particular looks interesting, although it is in early
development "A netfilter configuration tool which parses English-like
config files."
http://freshmeat.net/projects/knetfilter/
This too. Check out the screenshot.
http://freshmeat.net/projects/levy/
http://freshmeat.net/projects/narc/
http://freshmeat.net/projects/pcxfirewall/
http://freshmeat.net/projects/scipfire/
http://freshmeat.net/projects/iptablesscript/
http://freshmeat.net/projects/shorewall/
http://freshmeat.net/projects/startupserver/ (check out the screen shot)
http://freshmeat.net/projects/tuxas-firewall/
What does this mean? This means you have lots of to choose from, and the
better scripts have thousands of testers and hundreds of developers to be
sure that they are secure and at the same time featureful.
I personally like MonMotha's script because it is simple to setup, and has
all the features that I need. A few times it didn't have a feature that I
needed (like Starcraft connection tracking) so I wrote it, and the author
will soon incorporate it as an option. In the mean time people can download
my Starcraft add-on script from MPLUG.
Almost every week other developers send him new features in this fashion to
add to the script. If they are "obviously correct" they are added to the
latest beta version. Sometimes they cause subtle conflicts or problems, and
these are reported and fixed quickly. When they go several weeks without
any complaints, then the resulting script is considered "stable" and posted
to the MonMotha mirrors (one is MPLUG). This kind of process means that
people can use featureful and well tested scripts.
----- Original Message -----
From: "Dusty" <dusty at sandust.com>
To: "Linux & Unix Advocates & Users" <luau at list.luau.hi.net>
Sent: Thursday, September 06, 2001 1:24 PM
Subject: [luau] Re: keeping some pcs off the net
> You can actually do this better and easier with BSD (in my less than
humble opinion, but I don't like netfilter, and since no one can seem to use
it properly with out this Montha script, most shouldn't). IPfilter is much
easier to use than Netfilter and just as powerful.
>
> FreeBSD, NetBSD, and my personal favorite OpenBSD all should run fine on
your P75 and run most Linux apps if you decided to completely switch (I
can't really recomend that).
>
> Why do you need BSD for school?
>
> Solaris is okay in the data center and good to play with to learn and you
can put IPfilter (the firewall useable by all *nixes (BSD, Solaris, SunOS,
Irix, HP-UX, etc) except Linux) on it, but I can't recomend it for home use.
And Solaris hasn't been BSD since SunOS became Solaris, if I remember
correctly. They still have alot of backwards compatability, but Solaris 8
is Sys V.
>
> For a desktop Mandrake is possibly the best choice. I would stick with
that and put OpenBSD on your P75 and make it your firewall, router, etc....
>
> Dusty
More information about the LUAU
mailing list