
Re: Tutorial for iptables



Sorry for the top post.

Can beat Oskar Andreasson's IPTables Tutorial
http://iptables-tutorial.frozentux.net/

Jim




Pierre Chifflier wrote:
On Wed, Jan 28, 2009 at 12:20:27PM +0100, cyril franke wrote:
  
Hello list,

I just started learning firewall setup with iptables
and found the following tutorial useful:
http://www.iptablesrocks.org/
    
Hi,

Looks like a good idea.

  
What do you think about the ruleset proposed for a
typical web server firewall?
http://www.iptablesrocks.org/guide/ruleset.php
    
Ouch, that's pretty complicated (especially the stuff with TCP flags at
the beginning: iptables is a stateful firewall, the INVALID and
ESTABLISHED targets have been created to avoid such crap).

  
What do you think about the suggested Iptables Log
Analyzer: http://www.gege.org/iptables/

    
Not developed since 2002, works for Linux 2.4 (no IPv6), uses text-based
logging ... I would say this is a pretty bad idea.

I'd suggest using ulogd [1] with a graphical interface, like NuLog [2].

Cheers,
Pierre


[1] http://www.netfilter.org/projects/ulogd/index.html
[2] http://software.inl.fr/trac/wiki/EdenWall/NuLog


  
