[Dshield] Configuring iptables; need favorite port lists

Kenneth Porter shiva at sewingwitch.com
Mon Jun 23 03:21:17 GMT 2003


--On Wednesday, June 18, 2003 3:08 AM -0700 John Sage 
<jsage at finchhaven.com> wrote:

> Well, my firewall doesn't run X, so I can't be GUI, and I've never
> been a fan of script-built firewalls.

fwbuilder doesn't need to run on the firewall. You can run it on any 
convenient box with an X display. The only downside is that it won't be 
able to automatically populate some of the settings by querying the current 
system. You'll need to enter those manually.

Once the script is generated, you can either scp it to your firewall or run 
a companion daemon program on the firewall.

> This one's hand-crafted via good ol' emacs :-/

For a person new to iptables, using a script-writer is good to generate the 
initial firewall. It can then be augmented with emacs. This eliminates the 
problem of getting the syntax right on your first attempt, while still 
allowing you to add tricky things later. It's like using a roller to paint 
a room, and then a small brush to do the "cut in" around the moldings. 
Don't rule out the easy-to-use tools just because they can't do the whole 
job.



