Re: Tutorial for iptables
On Wed, Jan 28, 2009 at 12:20:27PM +0100, cyril franke wrote:
> Hello list,
> I just started learning firewall setup with iptables
> and found the following tutorial useful:
Looks like a good idea.
> What do you think about the ruleset proposed for a
> typical web server firewall?
Ouch, that's pretty complicated (especially the stuff with TCP flags at
the beginning: iptables is a stateful firewall, the INVALID and
ESTABLISHED targets have been created to avoid such crap).
> What do you think about the suggested Iptables Log
> Analyzer: http://www.gege.org/iptables/
Not developed since 2002, works for linux 2.4 (no ipv6), uses text-based
logging ... I would say this is a pretty bad idea.
I'd suggest using ulogd with a graphical interface, like NuLog.
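
An added example, not part of the original message or of the tutorial under discussion: a small web-server ruleset that relies on connection-tracking states (INVALID, ESTABLISHED) instead of hand-written TCP-flag matches, and sends unmatched packets to NFLOG for a userspace logger such as ulogd. The function name `web_ruleset`, the ports, the NFLOG group number and the log prefix are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit a stateful filter table in iptables-restore format.
# Ports, NFLOG group and prefix are assumed values, not taken from the thread.

NFLOG_GROUP=1   # assumed: the userspace logger listens on this NFLOG group

# web_ruleset PORT... -> print the ruleset on stdout, or return 2 on bad input
web_ruleset() {
    [ "$#" -gt 0 ] || { echo "usage: web_ruleset PORT..." >&2; return 2; }
    # Validate every port before printing anything, so a bad argument
    # never yields a half-written ruleset.
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 2 ;;
        esac
        if ! { [ "$p" -ge 1 ] && [ "$p" -le 65535 ]; } 2>/dev/null; then
            echo "bad port: $p" >&2; return 2
        fi
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Packets that conntrack cannot place in any valid flow are dropped
    # first; this stands in for a list of per-flag sanity rules.
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Replies and related traffic for flows that were already accepted.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Only new connections to the published services get in.
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else goes to NFLOG, then falls through to the DROP policy.
    echo "-A INPUT -j NFLOG --nflog-group $NFLOG_GROUP --nflog-prefix input-drop"
    echo 'COMMIT'
}

# Print the ruleset for HTTP and HTTPS (constructed sample input).
web_ruleset 80 443
```

The output can be checked without loading it by piping it to `iptables-restore --test` as root.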