[ale] What I want for Christmas - wrt IPTABLES

Jeff Lightner jlightner at water.com
Wed Dec 12 08:59:12 EST 2007


Scary idea.  Even if such a tool existed there seems a fair likelihood
your system would be filled with Trojans by the time you'd created the
rules.

It's a pain but it is much better to be totally restrictive and figure
out what to open as you go along than to make it wide open and figure
out what you need to restrict.

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Jim Lynch
Sent: Wednesday, December 12, 2007 8:45 AM
To: Atlanta Linux Enthusiasts
Subject: [ale] What I want for Christmas - wrt IPTABLES

I've finally figured out what I want Santa to bring me.  It's a utility 
that I could run on a system with a fairly wide open IPTABLES 
configuration that would log all the activity and somehow let me edit 
that log and feed it into the utility to generate a set of iptables 
directives to permit only what I want to let through. 

I've been frustrated in the past a lot by what I think should work and 
doesn't.  It would even be nice to turn on a switch on iptables that 
would log attempts to get through the firewall and also suggest how to 
modify the configuration file, if you really wanted that to be
permitted.

Any sort of automated help tools for configuring iptables would surely 
be appreciated.  I don't have the time or inclination to become an 
expert in all the tools I have to use. 

Maybe Santa's elves will write an AI application to accomplish this
feat.

Jim.
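
Added example, not part of either message above: one way to combine the two positions is to keep the default policy restrictive, log what gets dropped, and generate ACCEPT rules only for traffic an administrator has approved. The `FW-DROP: ` log prefix, the sample log lines and the function names are assumptions constructed for this sketch.

```python
import re
from collections import Counter

# Constructed sample: kernel lines as written by a LOG rule placed just
# before the final DROP, e.g. `-j LOG --log-prefix "FW-DROP: "`.
SAMPLE_LOG = """\
Dec 12 08:40:01 gw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=51514 DPT=22 SYN URGP=0
Dec 12 08:40:07 gw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=60 TTL=50 PROTO=TCP SPT=40222 DPT=22 SYN URGP=0
Dec 12 08:41:15 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=76 TTL=49 PROTO=UDP SPT=123 DPT=123 LEN=56
Dec 12 08:42:30 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=84 TTL=51 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Dec 12 08:43:00 gw sshd[411]: unrelated line that must be ignored
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs; VALUE may be empty (OUT=)

def summarize(log_text, prefix="FW-DROP: "):
    """Count dropped packets per (interface, protocol, destination port)."""
    seen = Counter()
    for line in log_text.splitlines():
        if prefix not in line:
            continue  # not written by our LOG rule
        f = dict(FIELD.findall(line.split(prefix, 1)[1]))
        proto = f.get("PROTO", "").lower()
        if proto in ("tcp", "udp") and f.get("DPT", "").isdigit():
            seen[(f.get("IN", ""), proto, int(f["DPT"]))] += 1
        # Other protocols (ICMP etc.) are left for manual handling.
    return seen

def candidate_rules(seen, approved):
    """Emit ACCEPT rules only for (proto, port) pairs the admin approved."""
    rules = []
    for (iface, proto, dport), hits in sorted(seen.items()):
        if (proto, dport) not in approved:
            continue  # stays dropped by the default policy
        rule = f"iptables -A INPUT -p {proto} --dport {dport} -j ACCEPT"
        if iface:
            rule = rule.replace("-A INPUT", f"-A INPUT -i {iface}")
        rules.append(f"{rule}  # {hits} logged drops")
    return rules

if __name__ == "__main__":
    seen = summarize(SAMPLE_LOG)
    for key, hits in sorted(seen.items()):
        print(hits, key)  # review step: what is being dropped, and how often
    print("\n".join(candidate_rules(seen, approved={("tcp", 22)})))
```

Nothing is opened unless it appears in the `approved` set, so the editing step Jim describes becomes an explicit allow-list over logged drops rather than a pruning of a wide-open configuration.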


