[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Tutorial for iptables

On Wed, Jan 28, 2009 at 12:20:27PM +0100, cyril franke wrote:
> Hello list,
> I just started learning firewall setup with iptables
> and found the following tutorial useful:
> http://www.iptablesrocks.org/


Looks like a good idea.

> What do you think about the ruleset proposed for a
> typical web server firewall?
> http://www.iptablesrocks.org/guide/ruleset.php

Ouch, that's pretty complicated (especially the stuff with TCP flags at
the beginning: iptables is a stateful firewall, the INVALID and
ESTABLISHED targets have been create to avoid such crap).

> What do you think about the suggested Iptables Log
> Analyzer: http://www.gege.org/iptables/

Not developed since 2002, works for linux 2.4 (no ipv6), uses text-based
logging ... I would say this is a pretty bad idea.

I'd suggest using ulogd [1] with a graphical interface, like NuLog [2].


[1] http://www.netfilter.org/projects/ulogd/index.html
[2] http://software.inl.fr/trac/wiki/EdenWall/NuLog

Reply to: