Nice tutorial, however I knew most of it ... it wasn't a case of me being too
lazy to read up on how to set up a firewall, I set up what I wished to use &
simply was curious if anything blatantly stood out screaming errors/bad
config.
I'll read the tutorial later, see if there is an easier way to do
anything I did :)
Barry O'Donovan wrote:
>I don't have the time to read what you've done below. Maybe someone else
>has, but the following should cover exactly what you're trying to do:
>
>http://www.linux.ie/articles/tutorials/firewall/

I'll look into Shorewall, thanks.
I did try Firestarter, which I found was a massive disaster ... it
didn't exactly set the rules the way /I/ set them within the config.
Colm Buckley wrote:
> To be honest, your best bet is to use Shorewall to set up iptables for
> you. Your approach should work, but it's quite labour-intensive and
> hard to ensure it's error-free.
>
> Shorewall takes almost all of the pain away. Shorewall good.
>
> Colm
>
Thanks John, didn't know I could do that with iptables (well, assumed
something similar could be done, just unsure of how/safety).
John Madden wrote:
>Instead of doing something like this as the last rule, I'd use
>iptables -P OUTPUT REJECT at the top of the script. It sets the policy
>of the OUTPUT chain to REJECT. It's just easier for any updates you need
>to make in future -- it removes the chance of a previous REJECT rule
>blocking a following ACCEPT rule. Eg. if you needed access to a port
>other than SSH and HTTP on the INPUT chain, and you added
>iptables -A INPUT -s 0/0 -i eth1 --dport 23 -j ACCEPT
>at the end of your script (or anywhere after the REJECT rule for INPUT)
>then it wouldn't work, and you could be left pulling your hair out over
>something simple.
>
>This is particularly useful if the ruleset is large to begin with, or
>will possibly get larger in future.
>
>- --
>Chat ya later,
>
>John.
>
Thanks for replies/help,
Regards,
Sean
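
Added example, not part of the original thread: a small Python check for the ordering problem John Madden describes above, where a rule appended after a catch-all REJECT in the same chain is never reached. The sample scripts and the function names `is_catch_all` and `find_shadowed` are constructed for illustration, and only plain `iptables -A` lines are handled.

```python
import shlex

# Constructed sample script (not from the thread): the port 23 rule lands behind a catch-all.
BROKEN = """\
iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -s 0/0 -j REJECT
iptables -A INPUT -i eth1 -p tcp --dport 23 -j ACCEPT
"""
# Constructed fix: a chain policy replaces the catch-all rule. iptables takes
# only ACCEPT or DROP as a built-in chain policy, so DROP is assumed here.
FIXED = """\
iptables -P INPUT DROP
iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 23 -j ACCEPT
"""
TERMINATING = {"ACCEPT", "DROP", "REJECT"}
ANY_ADDR = {"0/0", "0.0.0.0/0"}

def is_catch_all(args):
    """True if the rule ends processing and has no restricting match (conservative)."""
    target, rest = None, []
    for opt, val in zip(args[0::2], args[1::2] + [None]):
        if opt in ("-j", "--jump"):
            target = val
        elif opt == "--reject-with" or (opt in ("-s", "-d") and val in ANY_ADDR):
            continue  # target option or match-everything address: restricts nothing
        else:
            rest.append(opt)  # any other token is treated as a real restriction
    return target in TERMINATING and not rest

def find_shadowed(script):
    """Return (line_no, chain, blocking_line_no) for each -A rule behind a catch-all."""
    blocker, shadowed = {}, []
    for no, line in enumerate(script.splitlines(), 1):
        tok = shlex.split(line, comments=True)
        if len(tok) < 3 or not tok[0].endswith("iptables") or tok[1] != "-A":
            continue
        chain, args = tok[2], tok[3:]
        if chain in blocker:
            shadowed.append((no, chain, blocker[chain]))
        elif is_catch_all(args):
            blocker[chain] = no
    return shadowed

if __name__ == "__main__":
    for no, chain, by in find_shadowed(BROKEN):
        print(f"line {no}: {chain} rule is never reached, shadowed by line {by}")
```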