[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IPtables, netfilter, confusion...


Matthijs (<vanaalten@hotmail.com>) wrote:

> After posting some info about portknocking security (see thread SSH
> cracking attempts) I looked a bit at iptables at my system.
> Result from 'iptables -L':
> FATAL: Module ip_tables not found.
> iptables v1.2.11: can't initialize iptables table `filter': iptables
> who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
> I've found a lot of links with google, but nothing really useful. It
> seems that my kernel (self compiled 2.6.8) doesn't support iptables.
> I looked through the kernel config and found something under
> networking options: "network packet filtering (replaces ipchains)".
> But the help states that you should specify 'Y' for routers, 'N' for
> regular hosts - and 'N' if you're unsure. Well, I'm unsure right
> now...

If you want iptables, activate it.

> The system to protect is a Debian web/mail/ssh server, not a router.
> I'm not sure if I need a firewall but it won't hurt

Not always true. Recently there was, for example, a security problem
with iptables which allowed anyone to send the kernel into an endless
loop by sending a manipulated tcp packet. Systems that used iptables
without need were worse off that without iptables.

> - plus, if I can 
> run iptables, I can try the portknocking system.
> Can anyone explain firewalls & kernel 2.6? Can I still run iptables
> (and if yes, what should I change in my config or which module to
> load?) or is this network packet filtering 'the new thing'?

Yes, you can use iptables with 2.6. It is the default, like in 2.4.
Simply activate the option you mentioned, and the other related ones
you want. I you set them to "Y", you won't have to load the modules,
but there are many of them, and maybe you don't need them all. Setting
them to "M" and having the needed modules autoloaded is probably the
best choice, unless you do not want to use modules at all.

best regards
 Andreas Janssen

Andreas Janssen <andreas.janssen@bigfoot.com>
PGP-Key-ID: 0xDC801674 ICQ #17079270
Registered Linux User #267976

Reply to: