Nice tutorial, however I knew most of it ... it wasn't a case of me too
lazy to read on how to setup firewall, I setup what I wished to use &
simply was curious if anything blantantly stood out screaming errors/bad
I'll read the tutorial later, see if there is an easier way to do
anything I did :)
Barry O'Donovan wrote:
>I don't have the time to read what you've done below. Maybe someone else
>has, but the following should cover exactly what you're trying to do:
>>http://www.linux.ie/articles/tutorials/firewall/>>>>I'll look into Shorewall, thanks.
I did try Firestarter, which I found was a massive disaster ... it
didnt' exactly set the rules the way /I/ set them within the config.
Colm Buckley wrote:
>> To be honest, your best bet is to use Shorewall to set up iptables for
> you. Your approach should work, but it's quite labour-intensive and
> hard to ensure it's error-free.
>> Shorewall takes almost all of the pain away. Shorewall good.
Thanks John, didn't know could do that with iptables (well assumed
something similar could be done, just unsure of how/safety.
John Madden wrote:
>Instead of doing something like this as the last rule, I'd use
>iptables -P OUTPUT REJECT at the top of the script. It sets the policy
>of the OUTPUT chain to REJECT. It's just easier for any updates you need
>to make in future -- it removes the chance of a previous REJECT rule
>blocking a following ACCEPT rule. Eg. if you needed access to a port
>other than SSH and HTTP on the INPUT chain, and you added
>iptables -A INPUT -s 0/0 -i eth1 --dport 23 -j ACCEPT
>at the end of your script (or anywhere after the REJECT rule for INPUT)
>then it wouldn't work, and you could be left pulling your hair out over
>>This is particularly useful if the ruleset is large to begin with, or
>will possibly get larger in future.
>Chat ya later,
Thanks for replies/help,
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!