Whenever I touch a Linux system I’m amazed that nobody’s written anything better than iptables yet.
@jogbert It's horrible. Yet I rarely have to touch it. ufw does fine for laptops and simple servers, and I use firehol for complex routers.
@dsilverstone Just little things, like “log AND accept/drop” shouldn’t need to be two rules. :-(
Replying to @jogbert
@jogbert Mmm, OTOH it's pretty extensible/sane overall.

May 27, 2013 · 4:30 PM UTC

Replying to @dsilverstone
@dsilverstone I’d rather something like OpenBSD’s pf. Readable yet powerful (and just one config file).
@jogbert I've never been near enough OpenBSD's pf to compare it with iptables. Due to the rest of OpenBSD being worse than paedophiles.
Replying to @dsilverstone
@dsilverstone That said, I didn’t know about ufw. It looks relatively sane… will give it a go.