On 4/7/2010 7:26 PM, Adam Morris wrote:
> I would recommend taking a look at Shorewall
> <http://www.shorewall.net/>. I can't stand dealing with IPTables myself
> but Shorewall simplifies the process. It's still not as easy as some of
> the GUI tools such as Firestarter, but once you read through the
> tutorials and the getting started guides then you should be able to
> perform most things pretty easily.

It took a while to figure out the roles that each config file (rules/interfaces/policy/shorewall.conf) plays, but once I had that down, it wasn't too difficult to set things up, so thanks!

Three questions:

1. Is there any reason not to use REJECT instead of DROP? Timing out could be indicative of other problems, whereas if the client acts as though the host is unreachable, I know I'm being locked out by the firewall.

2. Is it safe to have all ports above 10000 open to the public in order to allow the server to act as a seedbox, as long as transmission-daemon is the only service listening on those ports?

3. How should I handle trusted users who have dynamic IPs without allowing everyone who uses the same ISP as they do?
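An added check for the premise behind the second question (that nothing other than transmission-daemon listens above 10000); this is example code, not part of the thread. It parses output shaped like `ss -Hltnp`; the sample lines, process names and ports below are constructed, not captured from a real host.

```shell
#!/bin/sh
# Lists what actually listens on TCP ports above a threshold, so a blanket
# ACCEPT of a port range can be compared against the services it would expose.

# listeners_above INPUT THRESHOLD
# INPUT is text shaped like `ss -Hltnp` output (no header, listening TCP
# sockets, numeric ports, process info). Prints "port process" for every
# listener whose local port is above THRESHOLD, sorted by port.
listeners_above() {
    printf '%s\n' "$1" | awk -v thr="$2" '
        {
            # Local address:port is column 4; the port follows the last colon
            # (this also covers IPv6 forms such as [::]:51413 and *:51413).
            n = split($4, a, ":"); port = a[n] + 0
            proc = "unknown"
            # Process name sits in users:(("name",pid=...,fd=...))
            if (match($0, /users:\(\("[^"]+"/)) {
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            }
            if (port > thr) print port, proc
        }' | sort -n
}

# count_unexpected INPUT THRESHOLD ALLOWED_PROCESS
# Number of listeners above THRESHOLD that are not ALLOWED_PROCESS; any
# non-zero result contradicts the "only transmission-daemon" assumption.
count_unexpected() {
    listeners_above "$1" "$2" | awk -v ok="$3" '$2 != ok { c++ } END { print c + 0 }'
}

# Constructed sample (ss truncates process names to 15 characters, hence
# "transmission-da"). The high-port "mongod" entry is the case the question
# does not account for.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=901,fd=6))
LISTEN 0 128 0.0.0.0:51413 0.0.0.0:* users:(("transmission-da",pid=1203,fd=12))
LISTEN 0 128 [::]:9091 [::]:* users:(("transmission-da",pid=1203,fd=13))
LISTEN 0 128 0.0.0.0:27017 0.0.0.0:* users:(("mongod",pid=1330,fd=10))'

listeners_above "$SAMPLE_SS" 10000
# On a live host: listeners_above "$(ss -Hltnp)" 10000
```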