[rescue] RFA: firewall
Jonathan C. Patschke
jp at celestrion.net
Mon Jan 10 10:01:29 CST 2005
On Mon, 10 Jan 2005, Patrick Finnegan wrote:
> You should try using iptables-save and iptables-restore; it's much
> easier (and probably more readable).
Uh, no.
It's still the same prerouting/postrouting dnat/snat target/jump crap.
iptables is a fundamentally different way of expressing routing rules
from pf/ipf, and it's not a particularly sensible one. At least it's
better than the crapola that the PIX uses.
--
Jonathan Patschke ) "I've built my whole system with [-fomit-frame-pointer]
Elgin, TX ( cause it was recommended...as I don't care if a program
USA ) crashes, not interested in finding out why."
( --Tim, Another Satisfied Gentoo User
More information about the rescue
mailing list