some reality about iptables, please

I can find all the sites and advice I want about how to form iptables
rules, but I can't find any decent discussion of how to enable the damn
things.

I get the idea that an iptables firewall is set up by actually running a
bunch of "iptables -options" lines, presumably from a script.

But where do I put the script(s)?

There's a mechanism set up in /etc/default/iptables.  I quote from the
file:

# A: I was pretty much hounded into providing it. I do not like it.
#    Don't use it. Use /etc/network/interfaces, use /etc/network/*.d/
#    scripts use /etc/ppp/ip-*.d/ script. Create your own custom
#    init.d script -- no need to even name it iptables.  Use ferm,
#    ipmasq, ipmenu, guarddog, firestarter, or one of the many other
#    firewall configuration tools available. Do not use the init.d
#    script.
...
# Q: How do I get started?
# A: (Did I mention "do not use it" already? Oh well.)

For crissake!  Can anyone point me at some sensible discussion of how
the hell to go about putting firewall rules in place?  I've got a
laptop, usually on a cable modem, but sometimes using dial-up.

I know generally about the /etc/init.d/rcX.d runlevel mechanism.  Now I
need a sensible discussion of when and HOW to run what sorts of
iptables-rules-containing scripts so I can figure out how to protect my
system.  Please don't just tell me about "runlevels" - I know they exist
already.

The Debian Security manual is useless.  It only gives examples of a few
iptables rules, says that's not enough, and speaks not at all (that I've
found yet) about how to implement the damn things.

Someone somewhere speaks to the issue of the actual plumbing to implement
iptables.  Can anyone point me?

thanks much in advance,
Bret

-- 
bwaldow at alum dot mit dot edu
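Added example, not part of Bret's message or of any reply on this thread: the "plumbing" he is asking about is a plain shell script that runs the iptables commands and is hooked into the interface-up events the quoted file points at (a `pre-up` line in `/etc/network/interfaces` for the cable modem, a wrapper in `/etc/ppp/ip-up.d/` for dial-up). The script path `/etc/firewall.sh`, the interface name `eth0` and the rule set itself are assumptions for illustration; the script needs root to apply rules, but `preview` prints them without touching the kernel so the rule set can be reviewed first.

```shell
#!/bin/sh
# /etc/firewall.sh (assumed path) -- host firewall for a laptop.
#
# Hooking it up (Debian-style, assumed names):
#   cable modem, /etc/network/interfaces:
#       iface eth0 inet dhcp
#           pre-up /etc/firewall.sh apply
#   dial-up: scripts in /etc/ppp/ip-up.d/ receive the ppp interface as $1,
#   so drop a one-line wrapper there:  exec /etc/firewall.sh apply
#
# IPT is the iptables binary; "preview" swaps in echo so the rules can be
# reviewed as an unprivileged user before they are applied for real.
IPT="${IPT:-iptables}"

apply_rules() {
    # Flush everything first so re-running on every interface event is idempotent.
    "$IPT" -F
    "$IPT" -X
    # Default deny for inbound and forwarded traffic; this host only originates.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT
    # Loopback is always trusted.
    "$IPT" -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened (and related ones, e.g. FTP data).
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New TCP flows must start with SYN; anything else is scan noise or junk.
    "$IPT" -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
    # Keep ping working, rate-limited so it cannot be used to flood the log.
    "$IPT" -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
    # Log what is about to hit the DROP policy, throttled, so dmesg stays readable.
    "$IPT" -A INPUT -m limit --limit 3/minute -j LOG --log-prefix "fw-drop: "
}

# Print the rules instead of applying them (subshell keeps IPT=echo local).
preview_rules() {
    ( IPT=echo; apply_rules )
}

case "${1:-}" in
    apply)   apply_rules ;;
    preview) preview_rules ;;
esac
```

Run `sh /etc/firewall.sh preview` to see exactly which iptables invocations will be made, then `chmod +x` it and add the `pre-up` line; because the script flushes before adding, it is safe to fire it on every interface event (cable and dial-up alike) rather than trying to run it once at a particular runlevel.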