Packet filter's rules are human readable. By human readable, I mean you can look at them, not knowing anything about Packet Filter, and know what the rule does. Packet filter is also being adopted by the other BSD's, if that tells you anything about how good it is. At one point, OpenBSD was my firewall. If OpenBSD was as good about upgrading as Debian is, it would still be my firewall. -Erik On 3/30/06, Craig White wrote: > On Thu, 2006-03-30 at 12:20 -0700, Darrin Chandler wrote: > > Alex Dean wrote: > > > > > I'm using IPCop at home on a PII with 256MB. I haven't use Smoothwall. > > > > > > IPCop is a champ. Farily easy to configure, well documented, and > > > there are lots of free addon packages for doing things like mail or > > > web content filtering. The ipcop-users mailing list is also > > > generally responsive to questions. (Not as friendly as PLUG, though.) > > > > > > alex > > > > > > ps - I haven't yet found an addon package that will support Snort > > > (intrusion detection) logging to MySQL. All you get by default is > > > logging to a text file, which you can read via IPCop's web > > > interface. Not very useful, as you basically have to troll through > > > pages and pages of log entries looking for possible problems. I've > > > turned Snort off until I find a more effective way to analyze its > > > logs. That's maybe a little off topic, but it's the only thing I've > > > yet wanted from IPCop that hasn't been easy to add. > > > > > > IPCop is a great solution, and has many features. It'll probably have > > more in the future. Make enough (polite) noise, and someone may add > > snort+mysql, since that would be useful to a fairly wide audience. > > > > But if you're going to get advanced enough in your desires or > > requirements then you might consider learning to set up a firewall > > yourself using iptables, etc. Or use OpenBSD (pf is *way* easier to > > learn than iptables) ;) > ---- > a subversive in our midst ;-) > > I don't think iptables is very hard - you can hit the ground with both > feet running by starting with David Ranch's stuff... > > http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/c-html/firewall-examples.html#RC.FIREWALL-IPTABLES > > perhaps pf is way easier, but that makes it very easy to start with. > > Craig > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss