Re: Firewall tutorial
Penguin wrote:
> I am a complete beginner to firewalls. I would like to know if they can do
> these things:
> - record history of packets grouping by port number, TCP or UDP (or
> whatever?), data size if any, and any suspicious things like ICMP flood.

It starts recording the moment you tell it to, so it won't be able to
fetch the "history of packets".
I'm sure you'd be able to find some script (probably Perl) that will
sort out packet filtering logs for you... else just write one yourself,
quite simple.

> - record the actual data as a packet sniffer for a PPP link (my dialup
> modem). I am suspicious of what's going on. I want to see ALL that stuff
> moving over my link, printing it to a file or perhaps sending it to my
> PostgreSQL db in tables where I can select by PASS: USER: etc etc and of
> course just inspect the raw data.

Yes, you can do all of that. Just man iptables (ipchains if your kernel
is 2.2.x).

> Also, need a tut for writing firewall rules. Got to be for a really stupid
> beginner who knows nothing! :)

Google will give you loads of those; however, http://netfilter.samba.org/
is a good start.

Thanks
David.
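
Added example, not part of the original message: a log summarizer of the kind the reply suggests writing, in Python rather than Perl, that groups packets logged by an iptables `LOG` rule by protocol and destination port, totals their sizes, and flags sources sending bursts of ICMP echo requests. The `FW: ` log prefix, the abbreviated sample lines and the per-second threshold are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")           # KEY=value pairs written by LOG
STAMP = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})")   # syslog timestamp, 1 s resolution

def parse(line):
    """Return (timestamp, fields) for a packet log line, else None."""
    m = STAMP.match(line)
    if not m or "PROTO=" not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # UDP lines repeat LEN=; keep the first (IP length)
    return m.group(1), fields

def summarize(lines, icmp_per_second=3):
    """Count packets and bytes per (protocol, dest port); list ICMP burst sources."""
    packets, size, echo = Counter(), Counter(), defaultdict(int)
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue                   # some other daemon's line, not a packet
        stamp, f = parsed
        key = (f["PROTO"], f.get("DPT", "-"))   # ICMP carries no port
        packets[key] += 1
        size[key] += int(f.get("LEN") or 0)
        if f["PROTO"] == "ICMP" and f.get("TYPE") == "8":   # echo request
            echo[(f.get("SRC"), stamp)] += 1
    floods = sorted({src for (src, _), n in echo.items() if n > icmp_per_second})
    return packets, size, floods

# Constructed sample input (documentation addresses, fields abbreviated).
HEAD = "host kernel: FW: IN=ppp0 OUT= "
SAMPLE = [
    "Jan  5 10:00:01 " + HEAD + "SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN",
    "Jan  5 10:00:02 " + HEAD + "SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=40001 DPT=22 SYN",
    "Jan  5 10:00:02 " + HEAD + "SRC=198.51.100.7 DST=192.0.2.10 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58",
    "Jan  5 10:00:02 " + HEAD + "SRC=203.0.113.5 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1",
    "Jan  5 10:00:04 host pppd[312]: rcvd [LCP EchoReq id=0x1]",
] + ["Jan  5 10:00:03 " + HEAD + f"SRC=198.51.100.9 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ={i}"
     for i in range(5)]

if __name__ == "__main__":
    packets, size, floods = summarize(SAMPLE)
    for (proto, port), n in sorted(packets.items()):
        print(f"{proto:5} port {port:>5}: {n} packets, {size[(proto, port)]} bytes")
    print("possible ICMP flood from:", floods)
```

Logging only starts once the `LOG` rule is in place, so the summary covers traffic from that point on, as the reply notes.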