From: Eric Frisch <ericf@xxxxxxxxxxx>
Date: 03 Mar 2003 09:10:32 -0500
Why not use gShield? Its default policy is to drop everything except maybe
ident. You just enable the services you need using a very well
documented set of configuration files. You can add the odd custom rule
yourself as well. The only place I have had trouble is that the default
policy is to log the drop events for hosts you place in the blacklist;
dropping hundreds of packets a second from a rogue site will overwhelm
the RaQ with logging activity. You can do an sh -x on the gShield rc
file to see all the rules generated if you want to sanity-check the
thing.