[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Iptables FW under 2.4.0-test11

On Wed, Dec 27, 2000 at 01:15:58PM +0100, Giacomo Mulas wrote:

> any use to anybody else. However, I set it up roughly this way: 
> 1) I have a script that is softlinked to the rcS.d directory and thus gets
> started before any network interface is up. It sets up "one way" filtering
> essentially letting anything out from my computer and internal LAN and
> nothing in from any (unspecified) external interface, except packets
> coming back on connections originated from my internal LAN. 
> 2) Most of the scripts in the ipmasq directories in /etc/ipmasq do nothing
> except setting up firewalling rules for antispoofing protection for
> dynamic interfaces (and cleaning them up after the dynamic interface goes
> down). I need to do this explicitly because I also use free S-WAN for
> ipsec and the latter does not work with rp_filter enabled.

> Let me know if I can further help with this. 

I haven't started reading on iptables yet, so I don't no how hard it is,
but what you've done sounds like what I need. And I could use some help
here, so I would be pleased if you could post or mail your scripts.
Especially the rcS.d part sounds like I could steel some ideas from to
further secure my current ip-chains based firewall until the day that
I switch to a 2.4 kernel.

groetjes, carel

Reply to: