Re: turning on verbose logging for iptables?
Dave Price wrote:
> Is there a better syntax I should be using to define IP addresses in my
> firewall script(s)?
For this question I guess there is no easy answer... It depends on what you
are using to build your firewall script. It seems you are doing it by hand
(as I often do) so it's up to you to choose the way you want to write it!

If you are writing a firewall script for a unique computer which will never
have changes in its IP addresses or network interfaces, then there is no need
to make it too hard to write for a one-time script only! :)

If you want to use the same script for multiple firewalls working in similar
network structures, maybe you'll want to use variables for a few things
changing from one to another like IP addresses and network interface names.
Something like this for example:
# public network (Internet side)
PUBINT="eth0"
PUBADD="1.2.3.4"
PUBNET="1.2.3.4/29"
# DMZ network (servers side)
DMZINT="eth1"
DMZADD="192.168.0.1"
DMZNET="192.168.0.0/24"
# private network (workstation side)
PRVINT="eth2"
PRVADD="172.28.0.1"
PRVNET="172.28.0.0/24"
And use them in the rest of your script instead of any numeric hard coding.
But we are going far away from your first question... :)
Regards, J.C.
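The approach described in the message above, carried through as an added example that is not part of the original post: the per-host variables drive a small rule set, so moving the script to another firewall means changing only the assignments at the top. The rule policy itself, the `IPT` dry-run switch and the helper names `check_vars` and `fw_rules` are assumptions made for illustration; the addresses are the sample values from the message.

```shell
#!/bin/sh
# Per-host settings: the only part that differs between firewalls.
PUBINT="eth0"; PUBADD="1.2.3.4"
DMZINT="eth1"; DMZNET="192.168.0.0/24"
PRVINT="eth2"; PRVNET="172.28.0.0/24"

# Dry run by default: print the commands instead of applying them.
# Run as root with IPT=iptables to load the rules for real.
IPT="${IPT:-echo iptables}"

# Refuse to build rules from an empty variable: an empty "-s" or "-i"
# argument would make iptables fail part-way and leave a half-loaded set.
check_vars() {
    for name in PUBINT PUBADD DMZINT DMZNET PRVINT PRVNET; do
        eval "val=\${$name:-}"
        [ -n "$val" ] || { echo "missing setting: $name" >&2; return 1; }
    done
}

# Emit the FORWARD policy for a three-legged firewall (hypothetical policy).
fw_rules() {
    check_vars || return 1
    $IPT -P FORWARD DROP
    # Anti-spoofing: internal source addresses must never arrive from outside.
    $IPT -A FORWARD -i "$PUBINT" -s "$PRVNET" -j DROP
    $IPT -A FORWARD -i "$PUBINT" -s "$DMZNET" -j DROP
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Workstations may open connections to the Internet and to the DMZ.
    $IPT -A FORWARD -i "$PRVINT" -s "$PRVNET" -o "$PUBINT" -j ACCEPT
    $IPT -A FORWARD -i "$PRVINT" -s "$PRVNET" -o "$DMZINT" -d "$DMZNET" -j ACCEPT
    # Workstation traffic leaves with the firewall's public address.
    $IPT -t nat -A POSTROUTING -o "$PUBINT" -s "$PRVNET" -j SNAT --to-source "$PUBADD"
    # Log whatever is about to hit the DROP policy.
    $IPT -A FORWARD -j LOG --log-prefix "FW-DROP: "
}

fw_rules
```

Reviewing the dry-run output before switching `IPT` to the real binary shows exactly which interfaces and networks each rule was expanded with.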