I've created some Gentoo firewall scripts that integrate into the baselayout networking system. I'm no net-security expert, but the scripts and the rules are very, very clean, so I can't see there being any major security concerns. I think the scripts go along with the spirit of Gentoo and they integrate very well with baselayout (>0.11). All the user needs to do is edit /etc/conf.d/firewall and then interfaces are automatically firewalled when they are brought up. Let's see if I can create an attachment...
Created attachment 59958: Tarball and ebuild files
Never attach tarballs. Attach plaintext files and reopen then, thanks. http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=3#doc_chap2
Created attachment 59984: firewall shell script
Created attachment 59985: net module for firewall
Created attachment 59986: config file for firewall script
Created attachment 59987: ebuild for all this stuff
Sorry about that. Please let me know if there is a more appropriate place to put a full Gentoo program (vs. just an ebuild for an existing program) or anything else I can do to help.
There are also Bug 13731 (no ebuild in there) and Bug 27192 (contains some tarball, so I did not really check what that one looks like). I think it would be nice to have some nice basic firewall scripts distributed with iptables.
There are some good firewall scripts out there; monmotha used to be one of them, but now it's not due to lack of maintenance. Arno's firewall attached at #20726 is actually really nice. It doesn't make any sense to me why Gentoo would want to have their own firewall scripts at this point. It's like Gentoo making its own cron: sure it could, but why?
(This is an automated message based on filtering criteria that matched this bug.) 'EBUILD' is in the KEYWORDS, which should mean that there is an ebuild attached to this bug. This bug is assigned to maintainer-wanted, which means that it is not in the main tree. Hello, The Gentoo Team would like to firstly thank you for your ebuild submission. We also apologize for not being able to accommodate you in a timely manner. There are simply too many new packages. Allow me to use this opportunity to introduce you to Gentoo Sunrise. The sunrise overlay[1] is an overlay for Gentoo which we allow trusted users to commit to and all users can have ebuilds reviewed by Gentoo devs for entry into the overlay. So, the sunrise team is suggesting that you look into this and submit your ebuild to the overlay where even *you* can commit to. =) Because this is a mass message, we are also asking you to be patient with us. We anticipate a large number of requests in a short time. Thanks, On behalf of the Gentoo Sunrise Team, Jeremy. [1]: http://www.gentoo.org/proj/en/sunrise/ [2]: http://overlays.gentoo.org/proj/sunrise/wiki/SunriseFaq