James O'Gorman · May 27, 2013 · 4:17 PM UTC

James O'Gorman @jogbert

27 May 2013

Whenever I touch a Linux system I’m amazed that nobody’s written anything better than iptables yet.

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · May 27, 2013 · 4:23 PM UTC

27 May 2013

@jogbert It's horrible. Yet I rarely have to touch it. ufw does fine for laptops and simple servers, and I use firehol for complex routers.

James O'Gorman · May 27, 2013 · 4:24 PM UTC

James O'Gorman @jogbert

27 May 2013

@dsilverstone Just little things, like “log AND accept/drop” shouldn’t need to be two rules. :-(

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · May 27, 2013 · 4:30 PM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · May 27, 2013 · 4:30 PM UTC

27 May 2013

Replying to @jogbert

@jogbert Mmm, OTOH it's pretty extensible/sane overall.

May 27, 2013 · 4:30 PM UTC

James O'Gorman · May 27, 2013 · 4:31 PM UTC

James O'Gorman @jogbert

27 May 2013

@dsilverstone I’d rather something like OpenBSD’s pf. Readable yet powerful (and just one config file).

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · May 27, 2013 · 4:33 PM UTC

27 May 2013

@jogbert I've never been near enough OpenBSD's pf to compare it with iptables. Due to the rest of OpenBSD being worse than paedophiles.

James O'Gorman · May 27, 2013 · 4:32 PM UTC

James O'Gorman @jogbert

27 May 2013

@dsilverstone That said, I didn’t know about ufw. It looks relatively sane… will give it a go.