James O'Gorman · May 27, 2013 · 4:17 PM UTC

James O'Gorman @jogbert

27 May 2013

Whenever I touch a Linux system I’m amazed that nobody’s written anything better than iptables yet.

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · May 27, 2013 · 4:23 PM UTC

27 May 2013

@jogbert It's horrible. Yet I rarely have to touch it. ufw does fine for laptops and simple servers, and I use firehol for complex routers.

James O'Gorman · May 27, 2013 · 4:24 PM UTC

James O'Gorman @jogbert

27 May 2013

@dsilverstone Just little things, like “log AND accept/drop” shouldn’t need to be two rules. :-(

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · May 27, 2013 · 4:30 PM UTC

27 May 2013

@jogbert Mmm, OTOH it's pretty extensible/sane overall.

James O'Gorman · May 27, 2013 · 4:31 PM UTC

James O'Gorman @jogbert

27 May 2013

@dsilverstone I’d rather something like OpenBSD’s pf. Readable yet powerful (and just one config file).

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · May 27, 2013 · 4:33 PM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · May 27, 2013 · 4:33 PM UTC

27 May 2013

Replying to @jogbert

@jogbert I've never been near enough OpenBSD's pf to compare it with iptables. Due to the rest of OpenBSD being worse than paedophiles.

May 27, 2013 · 4:33 PM UTC

James O'Gorman · May 27, 2013 · 4:34 PM UTC

James O'Gorman @jogbert

27 May 2013

@dsilverstone I don’t touch OpenBSD much. But FreeBSD uses pf too :-)

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · May 27, 2013 · 4:35 PM UTC

27 May 2013

@jogbert Never been close enough to FreeBSD's pf due to the rest of FreeBSD being worse than IBM. :-) (I just dislike BSDs :-)