technomage wrote:
> btw, anything for the 2.6 kernel set I should be aware of?

Not that I am aware of, but I am still running a 2.4 kernel on my firewall.

You need to be sure you are compiling for the correct version of iptables. My Mdk 10.0 workstation (kernel 2.6.3-19mdk) has iptables 1.2.9. I run the fwbuilder program here but I am compiling for my firewall, which has an older version of iptables so I have to select version (1.2.6 - 1.2.8) on the firewall tab.

It took me about a week to get up to speed w/ fwbuilder. I built a box with 8 IP addresses and 5 NICs tho ;-)

It really seemed to help a little by messing with the wizard to make a basic set, and it usually created something usable for a basic setup with 2 or 3 NICs. It will give you a working example that you can save away, modify, save, modify, then revert back to if you break something.

One check box checked wrong on a tab somewhere will kill you. When I upgraded my workstation, I installed a newer version of fwbuilder. It seemed to open my old xml files fine but it had an additional check box on one of the tabs that I didn't notice at first. The first time I made a change to the firewall, using the new version, I broke it. The default setting of the new check box had broken things. I took screen shots and compared the two versions to find it. ;-)

Once I had a working system, and had looked at the output script, I changed the way that I wrote my rules so that the resulting script was better.

Stick comments anywhere you can in your objects, interfaces, hosts, etc. They end up in your output script and make it a lot easier to see what it is (and you were) doing.

I still say....fwbuilder rocks!

If you want to give me more detailed info off-list, I can try to help you with your policy(s).

-- 
KevinO

Go placidly amid the noise and waste, and remember what value there may be in owning a piece thereof.
-- National Lampoon, "Deteriorata"