On 4/7/2010 7:26 PM, Adam Morris wrote:
> I would recommend taking a look at Shorewall 
> <http://www.shorewall.net/>.  I can't stand dealing with IPTables myself 
> but Shorewall simplifies the process.  It's still not as easy as some of 
> the GUI tools such as Firestarter, but once you read through the 
> tutorials and the getting started guides then you should be able to 
> perform most things pretty easily.
It took a while to figure out the roles that each config file
(rules/interfaces/policy/shorewall.conf) plays, but once I had that
down, it wasn't too difficult to set things up, so thanks!
Three questions:
Is there any reason not to use REJECT instead of DROP? Timing out could
be indicative of other problems, whereas if the client acts as though
the host is unreachable, I know I'm being locked out by the firewall.
Is it safe to have all ports above 10000 open to the public in order to
allow the server to act as a seedbox as long as transmission-daemon is
the only service listening on those ports?
How should I handle trusted users who have dynamic IPs without allowing
everyone who uses the same ISP as they do?
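As an added illustration (not part of this message or of Shorewall's own sample configurations), here is how the first two questions map onto Shorewall's `policy` and `rules` files: the net-to-firewall policy decides between DROP and REJECT, and the rules file opens only the single peer port transmission-daemon is pinned to, instead of every port above 10000. The port numbers are assumptions: 51413 is transmission-daemon's default peer port and 9091 its default RPC port; the zone names `net` and `$FW` follow Shorewall's two-interface convention.

```text
# /etc/shorewall/policy   (added example)
# net = the Internet-facing zone, $FW = this host
#SOURCE   DEST   POLICY   LOG LEVEL
$FW       net    ACCEPT
# DROP here is the usual choice for unsolicited traffic from the Internet: a
# probe gets no answer at all, so a port scan cannot tell "filtered" from "down".
# Switching this line to REJECT gives the behaviour the question describes
# (the client sees "connection refused" / "port unreachable" at once, so a
# locked-out admin can distinguish the firewall from a dead host), at the cost
# of answering every scanner with an RST or ICMP unreachable.
net       $FW    DROP     info
# Everything not matched above is rejected and logged, so a misconfiguration
# between internal zones fails quickly and visibly rather than by timeout.
all       all    REJECT   info

# /etc/shorewall/rules    (added example)
# Open only the peer port the daemon is configured to use ("peer-port" in
# transmission's settings.json, assumed pinned to 51413 here, with
# "peer-port-random-on-start" disabled). A blanket "everything above 10000"
# would also expose any other service that later binds a high port, and the
# RPC/web interface (default 9091) stays closed to 'net' under this ruleset.
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
ACCEPT    net      $FW    tcp     51413
ACCEPT    net      $FW    udp     51413
```

After editing, `shorewall check` validates the files and `shorewall restart` applies them; `shorewall show` prints the resulting iptables chains so the single open port can be confirmed.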