| 1 |
forgottenwizard schrieb: |
| 2 |
> On 00:24 Sun 05 Apr, gigli wrote: |
| 3 |
>> Hi |
| 4 |
>> |
| 5 |
>> I wonder if there is any easy firewall for gentoo. I tried ubuntu for a |
| 6 |
>> while and used their ufw, which was very simple. |
| 7 |
>> |
| 8 |
>> My needs: |
| 9 |
>> |
| 10 |
>> Block incoming traffic except for sshd and https (and sometimes |
| 11 |
>> bittorrent) and allow my lan to connect to my samba share, mythtv and |
| 12 |
>> mysql when i use openvpn or allways, which would be easyist. My box is |
| 13 |
>> usually protected by pfsense. |
| 14 |
>> |
| 15 |
>> I have a hard time to understand iptables and i have tried guarddog and |
| 16 |
>> kmyfirewall and others, didn't really like them. Something like ufw |
| 17 |
>> would be nice. |
| 18 |
>> |
| 19 |
[...] |
| 20 |
> |
| 21 |
> As for software, you could look into Shorewall and see if that works for you. |
| 22 |
> |
| 23 |
|
| 24 |
I second that recommendation. Shorewall is a really great piece of |
| 25 |
software: a lot of functionality paired with a lot of documentation. |
| 26 |
|
| 27 |
It has got support for OpenVPN and macros for most common services |
| 28 |
(which makes it a matter of maybe a minute to add a rule for a new service). |
| 29 |
|
| 30 |
The only downside I see is that it compiles many rules which wouldn't be |
| 31 |
strictly necessary and therefore needs a lot of kernel modules to start |
| 32 |
(and it doesn't always give helpful error messages when it misses a module). |
Archives