| 1 |
Florian Philipp skrev: |
| 2 |
> forgottenwizard schrieb: |
| 3 |
>> On 00:24 Sun 05 Apr, gigli wrote: |
| 4 |
>>> Hi |
| 5 |
>>> |
| 6 |
>>> I wonder if there is any easy firewall for gentoo. I tried ubuntu for a |
| 7 |
>>> while and used their ufw, which was very simple. |
| 8 |
>>> |
| 9 |
>>> My needs: |
| 10 |
>>> |
| 11 |
>>> Block incoming traffic except for sshd and https (and sometimes |
| 12 |
>>> bittorrent) and allow my lan to connect to my samba share, mythtv and |
| 13 |
>>> mysql when i use openvpn or allways, which would be easyist. My box is |
| 14 |
>>> usually protected by pfsense. |
| 15 |
>>> |
| 16 |
>>> I have a hard time to understand iptables and i have tried guarddog and |
| 17 |
>>> kmyfirewall and others, didn't really like them. Something like ufw |
| 18 |
>>> would be nice. |
| 19 |
>>> |
| 20 |
> [...] |
| 21 |
>> As for software, you could look into Shorewall and see if that works for you. |
| 22 |
>> |
| 23 |
> |
| 24 |
> I second that recommendation. Shorewall is a really great piece of |
| 25 |
> software: a lot of functionality paired with a lot of documentation. |
| 26 |
> |
| 27 |
> It has got support for OpenVPN and macros for most common services |
| 28 |
> (which makes it a matter of maybe a minute to add a rule for a new service). |
| 29 |
> |
| 30 |
> The only downside I see is that it compiles many rules which wouldn't be |
| 31 |
> strictly necessary and therefore needs a lot of kernel modules to start |
| 32 |
> (and it doesn't always give helpful error messages when it misses a module). |
| 33 |
> |
| 34 |
Thanks for the answers, i will give shorewall a new try and hope i'll |
| 35 |
make better progress thsi time |
Archives