Re: iptables firewall help
Hello,
a couple of weeks I found this link on debian-firewall:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/adsl4linux/ADSL4Linux/ADS
L4Linux/templates/firewall.iptables.devel?rev=HEAD&content-type=text/vnd
.viewcvs-markup
It is a pretty good script. You have to set y or n for a list of services
you want to run. The rest of the script is very readable and the firewall
is pretty robuust. It is originally desinged for a Dutch ADSL line, but it
can easily be adapted to every kind of interface. And it handles dynamic
ip's. Put the script in /etc/ppp/ip-up.d (not sure about this), this
should start the script when dailed in.
Greetz,
Sebastiaan
On Tue, 26 Jun 2001, Matthew Garman wrote:
>
> I would like to upgrade my kernel from 2.2 to 2.4. The main thing that
> concerns me is building a new iptables-based firewall (as opposed to
> ipchains).
>
> I was using the TrinityOS firewall for ipchains. I read through it,
> somewhat, but basically accepted its security on blind faith.
>
> I figure that with the switch to 2.4 and iptables, now would be a good
> time to really learn how to write a good firewall script.
>
> So for starters, I'd like to have a good, secure, well-commented iptables
> firewall script that I could use and learn from. Then I'd like to see
> some online documentation on firewall considerations.
>
> For the summer, I want a firewall that works with dynamic IP addresses so
> my dad and I can share a modem (standard, ultra-slow serial analog modem),
> running no services.
>
> Then, when I go back to school, I'll want to change the script so I can
> share a cablemodem with my roommates. I'll also run a couple basic
> services at that time, such as a mailer, an SSH daemon, and probably
> Apache.
>
> If anyone can point me in the right direction to get started, I would be
> very appreciative :)
>
> Thanks!
> Matt
>
> --
> Matt Garman, garman@uiuc.edu
> "I'll tip my hat to the new constitution, Take a bow for the new revolution
> Smile and grin at the change all around, Pick up my guitar and play
> Just like yesterday, Then I'll get on my knees and pray..."
> -- Pete Townshend/The Who, "Won't Get Fooled Again"
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: