Simon Waters wrote:
|
| Guarddog looks suitable to me - but I'm missing something basic.
|
| I can't get it to allow DNS from my local wired network to the local
| server.
|
| Does Guarddog always give the error/warning;
|
| iptables: No chain/target/match by that name
Guarddog and Guidedog need some specific modules for the iptables stuff to work correctly, and fail in funny ways if they aren't available (or if they are built into the kernel rather than built as modules).
Haven't looked too deeply at the iptables rules it spits out, but then my security isn't just at that one layer so I'm not that paranoid about packets that sneak through only to be told to go away at the level above. Still, I built a more sophisticated set of rules using these tools than I would have done by hand, so I suspect the resulting firewall is of a similar level of quality, but without the hard work (if you exclude a couple of kernel rebuilds - bespoke kernel for some wacky hardware).
It is still packet filtering, but at least it is good value packet filtering unlike some firewalls we could mention.
Simon
-- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.