Re: Iptables FW under 2.4.0-test11
On Wed, Dec 27, 2000 at 01:15:58PM +0100, Giacomo Mulas wrote:
> any use to anybody else. However, I set it up roughly this way:
> 1) I have a script that is softlinked to the rcS.d directory and thus gets
> started before any network interface is up. It sets up "one way" filtering
> essentially letting anything out from my computer and internal LAN and
> nothing in from any (unspecified) external interface, except packets
> coming back on connections originated from my internal LAN.
> 2) Most of the scripts in the ipmasq directories in /etc/ipmasq do nothing
> except setting up firewalling rules for antispoofing protection for
> dynamic interfaces (and cleaning them up after the dynamic interface goes
> down). I need to do this explicitly because I also use FreeS/WAN for
> ipsec and the latter does not work with rp_filter enabled.
> Let me know if I can further help with this.
I haven't started reading on iptables yet, so I don't know how hard it is,
but what you've done sounds like what I need. And I could use some help
here, so I would be pleased if you could post or mail your scripts.
Especially the rcS.d part sounds like I could steal some ideas from to
further secure my current ip-chains based firewall until the day that
I switch to a 2.4 kernel.
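
The layout described in the quoted message, sketched as an added example; it is not Giacomo Mulas's script and not code from this thread. The interface name eth0, the LAN range 192.168.1.0/24 and the function names are assumptions, NAT/masquerading is left out, and commands are printed rather than executed unless DRY_RUN=0.

```shell
#!/bin/sh
# Illustration only. Assumed: eth0 = internal LAN interface,
# 192.168.1.0/24 = internal LAN range. Override via environment.
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = run them (needs root)

ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Step 1: run from rcS.d before any interface is up. No rule names an
# external interface, so whatever comes up later is closed by default.
early_policy() {
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    ipt -F INPUT
    ipt -F FORWARD
    # Packets coming back on connections originated by this host or the LAN.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Loopback and traffic originating on the internal LAN.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
}

# Step 2: per-interface antispoofing for a dynamic interface, standing in
# for rp_filter. Usage: antispoof add|del IFACE
antispoof() {
    case "$1" in
        add) op=-I ;;   # insert at the top, ahead of the state rules
        del) op=-D ;;   # remove the same rule spec when the link goes down
        *)   return 1 ;;
    esac
    for chain in INPUT FORWARD; do
        for src in "$LAN_NET" 127.0.0.0/8; do
            # An internal or loopback source arriving on an external
            # interface can only be forged.
            ipt "$op" "$chain" -i "$2" -s "$src" -j DROP
        done
    done
}

case "${1:-}" in
    boot) early_policy ;;
    up)   antispoof add "$2" ;;
    down) antispoof del "$2" ;;
esac
```

The `boot` action belongs in the early rcS.d hook; `up IFACE` and `down IFACE` belong in whatever hooks fire when the dynamic interface changes state.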