On 2018-02-28 13:28, Jorge Almeida wrote:

> > Is there something besides iptables? It seems to be like
> > systemd/perl/python, continuously expanding its scope. And no, I'm
> > not looking for an "easy-peasy front-end gui" that'll probably pull
> > in 90% of QT as dependencies. I fondly remember IPCHAINS.
>
> shorewall seems to be the most powerful one. Lots of documentation,
> configured via text files. firehol is much simpler to use, but less
> well documented and the mailing list doesn't show much life. None has
> any useless GUI. I find both usable.
>
> I would just use iptables if I were iptables-wise enough.

Isn't iptables (the userspace program) just a very thin wrapper over the
underlying kernel interface (netfilter)? AFAIK there is no other kernel
interface, at least not in stable kernels, so all the other packages
just abstract and simplify it more - I would not consider that reduction
of scope.

I actually like iptables, of course I'll never learn about _all_ its
features, but I've already used some not quite trivial ones.

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.