Gentoo Archives: gentoo-dev

From: Chad Huneycutt <chad.huneycutt@×××.org>
To: gentoo-dev@××××××××××.org
Subject: Re: [gentoo-dev] NAT iptables info
Date: Mon, 01 Oct 2001 20:28:40
In Reply to: [gentoo-dev] NAT iptables info by Donny Davies
1 Donny Davies wrote:
3 >To provide some kind of gentoo firewall is, hmm, well silly. Its %100
4 >configuration. This is not the domain of a 'package', 'rpm' or ebuild.
5 >
6 I don't completely agree with this. While questions like "How do I set
7 up a firewall?" are not completely germaine to this mailing list, the
8 above statement is your opinion and open for discussion here. I think
9 that it is a very good idea to provide several basic scripts for common
10 configurations. If they are already out there, then great!, we should
11 include them in an ebuild. It is a much better policy to have the
12 network default to a secure state (such as the Rusty's script that
13 allows no incoming connections) than to leave it wide open, and let the
14 potentially newbie sysadmin get hacked.
16 It would be nice to bring up a semi-secure, masquerading (or whatever
17 they are calling it these days) firewall box with little effort. From
18 there, one can learn about iptables and such things to customize it further.
20 Just some thoughts from someone who hasn't delved into iptables yet,
22 Chad