[Melbourne-pm] Assorted follow-ups from Melbourne Pub Mongers

Daniel Pittman daniel at rimspace.net
Sun Mar 16 18:39:11 PDT 2008


Alec Clews <alecclews at gmail.com> writes:

> The FireHOL iptables configuration tool is at
> http://firehol.sourceforge.net/
>
> (Paul mentioned how brilliant it was and making a note here means I
> can throw the away the piece of paper he gave me)

Mmmm.  Mostly brilliant; it could use someone rewriting it to generate
stand-alone scripts for building the firewall[1] rather than requiring
the whole shebang in place, but it is still my first choice.

The only other comparable option is shorewall, which is for people who
love having ten different and incomprehensible "declarative" files to
configure their firewall.

        Daniel

But it does have the static compiler, so it isn't all bad.
(Plus, obPerl: they use a Perl compiler in Shorewall. :)

Footnotes: 
[1]  ideally through an iptables-restore equivalent, which is atomic.



More information about the Melbourne-pm mailing list