On Tue, 10 Dec 2002 08:48:01 -0200 "Piritubano Mor" <piritubano@terra.com.br> wrote: > Para utilizar o ipchains eu removi o iptables > apt-get remove iptables > e quando eu vou testar o iptables eu instalo ele novamente > apt-get install iptables (e removo o ipchains) > esta correto? Não, voce tem que deixar instalado o pacote iptables e ipchains. Na hora de executar a firewall você carrega os modulos do kernel referentes ao iptables ou ipchains. ## firewall.iptables ### !/bin/sh # Load Modules echo "Loading kernel modules ..." /sbin/depmod -a # core netfilter module /sbin/modprobe ip_tables # the stateful connection tracking module /sbin/modprobe ip_conntrack # filter table module /sbin/modprobe iptable_filter # mangle table module /sbin/modprobe iptable_mangle # nat table module /sbin/modprobe iptable_nat # LOG target module /sbin/modprobe ipt_LOG # This is used to limit the number of packets per sec/min/hr /sbin/modprobe ipt_limit # masquerade target module /sbin/modprobe ipt_MASQUERADE # filter using owner as part of the match /sbin/modprobe ipt_owner # REJECT target drops the packet and returns an ICMP response. /sbin/modprobe ipt_REJECT # This target allows packets to be marked in the mangle table /sbin/modprobe ipt_mark # This target affects the TCP MSS /sbin/modprobe ipt_tcpmss # This match allows multiple ports instead of a single port or range /sbin/modprobe multiport # This match checks against the TCP flags /sbin/modprobe ipt_state # This match catches packets with invalid flags /sbin/modprobe ipt_unclean # The ftp nat module is required for non-PASV ftp support /sbin/modprobe ip_nat_ftp # the module for full ftp connection tracking /sbin/modprobe ip_conntrack_ftp # the module for full irc connection tracking /sbin/modprobe ip_conntrack_irc ## firewall.ipchains ### #! /bin/sh /sbin/depmod -a # Modulo do IPChains. /sbin/modprobe ipchains # Modulo para tratamento do FTP. /sbin/modprobe ip_masq_ftp # Modulo para tratamento do ICQ. /sbin/modprobe ip_masq_icq # Este msdulo suporta masquerading do RealAudio usando UDP. /sbin/modprobe ip_masq_raudio # Suporta o masquerading do IRC /sbin/modprobe ip_masq_irc PS: Favor não utilizar o Reply To !!!! -- [ ]'s ******************* .''`. * idic@terra.com.br * : :' : * GNU/Linux Debian * `. `'` ******************* `- Gnupg ID 0x01186BE1 Key fingerprint =3D F17E 75C6 CE00 0E09 F63B 71B0 A0D2 FAD9 0118 6BE1 O homem de bem exige tudo de si próprio; o homem medíocre espera tudo dos outros
Attachment:
00000000.mimetmp
Description: PGP signature
Attachment:
pgpbuBIv_O9hg.pgp
Description: PGP signature