Please search freshmeat for iptables scripts. Please understand that they're
mostly just that-- scripts. Mostly they work top-down, with a few variables
you can edit applicable to your setup. It's easy enough to understand. There
are a zillion things you can do with the netfilter framework, it's very robust.
To provide some kind of Gentoo firewall is, hmm, well silly. It's 100%
configuration. This is not the domain of a 'package', 'rpm' or ebuild. It is the
domain of a system administrator. If you are operating a Linux box then you
are automatically a system administrator. Cool huh!? :-)

This list is not the place for this type of stuff IMHO. This is not a howto-list.
I mean no disrespect. Please don't take any offense.

What Gentoo provides is a nice framework for inserting your firewall script
into the init system. At least on rc5 there was an initfile specifically for that
purpose. Actually we needn't provide any more than just that! I.e.: provide
a slot for a firewall script to run. I think the rc5 one ran after all non-local
interfaces were brought up, it's been so long since I changed my firewall
box that I can't remember anymore :) The nice thing about that approach
is that you could always just source it, and run the function it was enclosed
in if you needed to run it again. Simple, slick, sufficient.

Please read up on packet filtering. Microsoft Internet Connection Sharing
is not a simple hack. It's a lot of work to provide a simple, robust interface
to newbies who want to share an internet connection. I would remind you
that they basically *didn't* even write it. They bought out the company that
*did* write it. It used to be a product called NAT1000 for Windows NT,
and sure enough, it started to sell like hotcakes. Naturally, Micro$loth
being the anti-competitive juggernaut that it is, swallowed them up, and
started tossing it in with Windows 98 Second Edition.

There are simply sooo many different variants of these 'firewall scripts' on
freshmeat that it would be silly to try to come up with a 'here, this does it
for everybody'. It is the obligation of the system administrator. Again, like
I said, it is 100% configuration, with many pieces in the *kernel*. This is
not the domain of a 'package'. If it helps you, I'm personally using a
modified version of something I grabbed from freshmeat. Good Luck.

Of course I'd be willing to send you a copy if you wish.

Cheers
--
Donny