
Re: Firehol question



On Sun, 09-01-2005 at 20:44 -0800, JM wrote:

> I have iptables but decided to use firehol. If my understanding is
> correct, I should stop iptables when using firehol because firehol uses
> its own, that is, I need to do 'update-rc.d -f iptables remove' in
> order for firehol to "take over".  Is this correct?

yes, firehol is a sort of front-end to iptables.

[...]
> Is this an acceptable configuration?  Any hints on how to make this better?

I'd use:

interface eth0 internet src not "${UNROUTABLE_IPS}" \
     [ dst $ip ] # if your ip is static

   policy reject
   protection strong

Ciao,
Gian Piero.


