
Re: iptables usage



On Tue, 06 Feb 2007 22:38:17 -0500
Michael Pobega <pobega@gmail.com> wrote:

> Douglas Allan Tutty wrote:
> > On Tue, Feb 06, 2007 at 10:01:23PM -0500, Michael Pobega wrote:
> >   
> >> I've been trying to get iptables working so that I can finally
> >> have a worthwhile client-side non-graphical firewall. So to test
> >> it out, I typed these two commands:
> >>
> >> # iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> >> # iptables -A INPUT -j REJECT
> >>
> >> And for some reason I completely lost my connection to port 80,
> >> even 

I'm no expert in iptables, but AFAIK the order of the rules *does*
matter. If I understand what you are writing (as much as one can
understand iptables syntax) you are telling it to ACCEPT traffic on
port 80 and then you tell it to REJECT any traffic.

> > Why not just use shorewall?  It's non-graphical.  It's set up with
> > simple config files.  The documentation is fantastic.

Second that!

> I'll look into Shorewall if it comes down to it, but I've been reading
> documentation on using iptables for two or so days now and decided to
> try it tonight only to find out it doesn't work for me at all. So I'm
> hoping to not have to start from scratch and learn another firewall
> config, even though iptables isn't embedded into my brain (Yet...)
> it'd just be a lot simpler to stick with what I've been reading up on.

Shorewall is really simple. Have a look at my 'notes' from

http://newbiedoc.berlios.de/wiki/Firewall_with_masquerading 

> Plus, iptables is in the kernel, which means it's not an excess app;
> That gives it extra awesomeness credits right there.

Shorewall is not really an app. It only builds your rules, loads them
with iptables and then exits.

Regards,
Andrei
P.S. You should start a new thread for new problems; you might get more
answers that way.
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)
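
An added example, not part of the original message: a small Python model of first-match rule evaluation, applied to the two rules quoted above, showing which packets each ordering accepts. The packet fields, port 40000 and the `WITH_STATE` variant are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of first-match evaluation in the INPUT chain; not iptables itself.

@dataclass(frozen=True)
class Packet:
    proto: str
    sport: int
    dport: int
    iface: str = "eth0"
    established: bool = False  # True for a reply to a connection this host opened

@dataclass(frozen=True)
class Rule:
    target: str                         # "ACCEPT" or "REJECT"
    proto: Optional[str] = None         # None means "match anything"
    dport: Optional[int] = None
    iface: Optional[str] = None
    established: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        pairs = ((self.proto, p.proto), (self.dport, p.dport),
                 (self.iface, p.iface), (self.established, p.established))
        return all(want is None or want == got for want, got in pairs)

def verdict(chain, packet, policy="ACCEPT"):
    """Target of the first matching rule; the chain policy if none matches."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy

# The two rules from the quoted message, in the order they were appended.
AS_POSTED = [Rule("ACCEPT", proto="tcp", dport=80), Rule("REJECT")]
# Same rules, catch-all first: the ACCEPT rule is never reached.
REVERSED = [Rule("REJECT"), Rule("ACCEPT", proto="tcp", dport=80)]
# Assumed variant: loopback and reply traffic accepted ahead of the catch-all.
WITH_STATE = [Rule("ACCEPT", iface="lo"), Rule("ACCEPT", established=True),
              Rule("ACCEPT", proto="tcp", dport=80), Rule("REJECT")]

# Constructed sample packets.
INBOUND_HTTP = Packet("tcp", sport=40000, dport=80)   # peer connecting to a local web server
HTTP_REPLY = Packet("tcp", sport=80, dport=40000, established=True)  # answer to this host's browser

if __name__ == "__main__":
    for name, chain in (("as posted", AS_POSTED), ("reversed", REVERSED), ("with state", WITH_STATE)):
        print(name, verdict(chain, INBOUND_HTTP), verdict(chain, HTTP_REPLY))
```

In iptables itself, the reply-accepting rule in the assumed variant corresponds to a state match such as `-m state --state ESTABLISHED,RELATED -j ACCEPT` appended before the final REJECT.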


