also sprach Martin G.H. Minkler <dukeofnukem@gmx.net> [2004.10.21.1345 +0200]:
> >iptables-restore < file
>
> Sorry, beginners idiocy, copying stuff from a tutorial he read.

No reason to be sorry. It took me a while to learn this too...

> Although it is hardly imaginable that someone <tm> manages to
> spoof the interface match, I wanted my rules as tight as possible
> thus using interface _and_ DynIP ('$IPTABLES -A INPUT -p tcp -d
> $IP_INET -i $DEV_INET -m state --state NEW -j BLACKLIST')- it
> would naturally all be solved if I refrained from using variables
> and resorted to -i ppp0 instead.

Why do you want your rules to be as tight as possible? While
I fundamentally agree with this approach, I don't really see an
added value for limiting the destination address.

> But since I'm experimenting and learning, some non-pragmatical
> approaches may occur, especially since I want to keep the script as
> generic/cross-distro-usable as possible :-)

You do know that there are plenty firewall scripts for iptables
already, right?

-- 
Please do not CC me when replying to lists; I read them!

 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system

Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!