[lug] Personal Server Behind DSL Router

karl horlen horlenkarl at yahoo.com
Fri Jan 12 01:32:18 MST 2007

> Not entirely true..  A good set of rules should
> still be doing traffic
> accounting, rate-limiting and filtering for
> rfc-1918, martians, bogons,
> xmas tree packets, etc.  Outside of that, the
> logging can be invaluable.
>  Getting logs showing traffic to ports that aren't
> supposed to be
> publicly accessible are usually one of the first way
> to know someone's
> getting past your border router.  NAT hacking isn't
> beyond the more
> advanced script-kiddies these days.

Good points.  I forgot firewalls can have log rules as
well as just pure filtering.

> I haven't tried fwbuilder yet but it does look nice.
>  Especially the
> multiplatform capabilities.  Shorewall took a little
> while to learn the
> first time but it's been nice as a quick text based
> tool since I run
> nearly all my servers headless.

Are firewalls like shorewall and fwbuilder just high
level interfaces to iptables and the kernel packet
filter or are they entirely different beasts?

I ask because nobody in this thread is mentioning
iptables which I thought was the defacto linux
firewall.  And I'm wondering if there is any benefit
to using one versus the other?

Sucker-punch spam with award-winning protection. 
Try the free Yahoo! Mail Beta.

More information about the LUG mailing list