| 1 |
Please search freshmeat for iptables scripts. Please understand that they're |
| 2 |
mostly just that-- scripts. Mostly they work top-down, with a few variables |
| 3 |
you can edit applicable to your setup. Its easy enough to understand. There |
| 4 |
are a zillion things you can do with the netfilter framework, its very robust. |
| 5 |
To provide some kind of gentoo firewall is, hmm, well silly. Its %100 |
| 6 |
configuration. This is not the domain of a 'package', 'rpm' or ebuild. It is the |
| 7 |
domain of a system administrator. If you are operating a Linux box then you |
| 8 |
are automatically a system administrator. Cool huh!? :-) |
| 9 |
|
| 10 |
This list is not the place for this type of stuff IHMO. This is not a howto-list. |
| 11 |
I mean no disrespect. Please dont take any offense. |
| 12 |
|
| 13 |
What gentoo provides is a nice framework for inserting your firewall script |
| 14 |
into the init system. At least on rc5 there was an initfile specifically for that |
| 15 |
purpose. Actually we neednt provide any more than just that! Ie: provide |
| 16 |
a slot for a firewall script to run. I think the rc5 one ran after all non-local |
| 17 |
interfaces were brought up, its been so long since I changed my firewall |
| 18 |
box that I cant remember anymore :) The nice thing about that approach |
| 19 |
is that you could always just source it, and run the function it was enclosed |
| 20 |
in if you needed to run it again. Simple, slick, sufficient. |
| 21 |
|
| 22 |
Please read up on packet filtering. Microsoft Internet Connection sharing |
| 23 |
is not a simple hack. Its a lot of work to provide a simple, robust interface |
| 24 |
to newbies who want to share an internet connection. I would remind you |
| 25 |
that they basically *didnt* even write it. They bought out the company that |
| 26 |
*did* write it. It used to be a product called NAT1000 for Windows NT, |
| 27 |
and sure enough, it started to sell like hotcakes. Naturally, Micro$loth |
| 28 |
being the anti-competitive juggernaut that it is, swallowed them up, and |
| 29 |
started tossing it in with Windows 98 Second Edition. |
| 30 |
|
| 31 |
There is simply sooo many different variants of these 'firewall scripts' on |
| 32 |
freshmeat that it would be silly to try to come up with a 'here, this does it |
| 33 |
for everybody'. It is the obligation of the system administrator. Again, like |
| 34 |
I said, it is %100 configuration, with many peices in the *kernel*. This is |
| 35 |
not the domain of a 'package'. If it helps you, Im personally using a |
| 36 |
modified version of something I grabbed from freshmeat. Good Luck. |
| 37 |
|
| 38 |
Of course Id be willing to send you a copy if you wish. |
| 39 |
|
| 40 |
Cheers |
| 41 |
-- |
| 42 |
Donny |
Archives