Re: Laptop Firewalling

On Wed, Nov 21, 2007 at 01:49:15PM +0700, Klein Moebius wrote:
> Being on the road a lot with my trusted lappy, I'd like to get
> suggestions on the best solution for an iptables based firewall that
> needs to be easily reconfigurable for wireless, ethernet cable, and ppp.
> I should be able to apply rules on the fly using tools such as wireshark
> to identify mac address exclusions, etc, and hopefully would be ipv6
> capable. Any ideas?

You could look at shorewall. It has a great set of docs in shorewall-doc.

Your laptop has three potential interfaces: eth(cable), eth(wireless) and ppp. Do the two eth end up with different unit numbers? (I've never used wireless). From a firewall perspective, does it matter if at any given time you're using a particular interface? Assuming that you're not forwarding, although perhaps the Nat config will change.

You could create a set of config files for each setup and write a script that copies the correct set to /etc/shorewall then restarts shorewall. Have the script start when an interface goes up.

Doug.

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org