The problem is that I don't trust myself to write good firewall rules. I'm not a firewalling expert and it makes my brain hurt. I can cope with things on the level of "block this port" but I've never been 100% happy with any iptables firewall I've created, because I've never understood iptables well enough to be certain I was blocking what I ought to.
It hasn't helped that I've spend most of yesterday and today chasing a red herring that was nothing to do with the firewalling. I'm not even sure that the problem with the vpn software I use is firewall related either (it's just the most obvious thing that's changed since it stopped working). The vpn software is hand-rolled by technogods, and is thus a complete black box to me, and I have no real clue when it comes to debugging problems with it. All I can do is sit here rather lamely and go "but it doesn't work", and thus earn the derision of said techogod, which I'm not really up to coping with in my current ill state.
Re: I'm going to regret this...
It hasn't helped that I've spend most of yesterday and today chasing a red herring that was nothing to do with the firewalling. I'm not even sure that the problem with the vpn software I use is firewall related either (it's just the most obvious thing that's changed since it stopped working). The vpn software is hand-rolled by technogods, and is thus a complete black box to me, and I have no real clue when it comes to debugging problems with it. All I can do is sit here rather lamely and go "but it doesn't work", and thus earn the derision of said techogod, which I'm not really up to coping with in my current ill state.