Re: ipchains -> iptables?

On 13/02/2008, Zach <netrek@gmail.com> wrote:
> On Feb 12, 2008 7:20 PM, Adrian Levi <adrian.levi@gmail.com> wrote:
> >
> > The topology of chains to tables is fundamentally different, In chains
> > a packet that is to be forwarded must also go though the input and
> > output chains. Under tables this packet only has to traverse the
> > forward table, input and output tables only refer to packets destined
> > for and from the firewall machine.
>
> Hi Adrian,
>
> Ah I see so we're dealing with apples and oranges here.

Unfortunately yes. Someone probably has written a script but I wouldn't know where to find it.

> > I am happy to post my tables script and you can use that as the basis
> > of yours if you like.
>
> Thank you, that would be great.

No worries. Mine was based heavily on MonMotha's firewall script, Modified to suit my purposes and needs. - You will need to edit it as well but that should be trivial. 2 network cards, plact the IP adresses of your clients to access the net in the ALLOWED_INET_CLIENTS variable and your LAN_IP range, set your network interfaces and comment out the port forwarding stuff.

This script supports ingress and egress filtering. It will drop any packets from or to the Internet with private IP addresses. Only open the holes you need and you will be safer. This script is a little slow for me to load because of all the modprobes at the start. As soon as I got it working I dropped work on it never got back to tidy it up.

But it should give you an idea on what you can do.

Adrian

-- 
24x7x365 != 24x7x52 Stupid or bad maths?
 hm. I've lost a machine.. literally _lost_. it responds to
ping, it works completely, I just can't figure out where in my
apartment it is.

-- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek