On 1/31/18 12:28 PM, Jacques Rodary wrote:
Have you looked at shorewall? I use it on all my Debian Linux installs. Basically, it's a front end to the kernel iptables network filters. It sets up the iptables entries and then goes away, so that there is no additional program running after it does its job. It starts up on boot after you have set up the rules the way you want. You have to set a parameter in the /etc/default/shorewall file to have it start, since you don't want to lose connection to your machine if you are logging in through a network port. That way you can test it before you actually use it.

It is driven by several text config files in /etc/shorewall. For instance, NAT is set up easily by this command in the snat file (my internet connection is on eth1 and the local 172 net is on eth0):

    MASQUERADE 172.16.0.1/16 eth1

I redirect all the DNS and time requests to my router machine even if the client has requested these services from an outside address. I use OpenDNS for its malware filters, so bind is set to forward all non-local DNS queries to OpenDNS servers. I also use dnscrypt-proxy to get a secure connection to OpenDNS so that I can be assured that the data coming back from OpenDNS hasn't been tampered with. These 2 lines in the rules file accomplish the redirection:

    REDIRECT Loc 53 tcp,udp 53
There is plenty of documentation and examples for simple setups available on the shorewall web site.
--
...Bob
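[Editor's note, added example; this is not Bob's configuration and not taken from the shorewall project's own files.] To show how the snat and rules lines above fit into a whole configuration, here is a minimal /etc/shorewall file set for the two-interface router described in the message: eth1 facing the internet, eth0 on a 172.16.0.0/16 LAN. Zone names net and loc, the SSH/Ping allowances, and the DROP/REJECT policies are assumptions; the NTP REDIRECT line is also an assumption, since the message shows only the DNS one. The column layout is Shorewall 5.x (snat file, ?FORMAT 2 interfaces); older releases use the masq file with a different column order. The startup=1 line is the Debian packaging switch referred to above.

```text
# /etc/default/shorewall   (Debian packaging: the service will not start until this is 1)
startup=1

# /etc/shorewall/shorewall.conf   (only the setting a router needs changed from the defaults)
IP_FORWARDING=On

# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4

# /etc/shorewall/interfaces
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth1        tcpflags,nosmurfs,routefilter,logmartians
loc     eth0        tcpflags,nosmurfs,routefilter,logmartians

# /etc/shorewall/policy   (first match wins; the last line is the catch-all)
#SOURCE DEST    POLICY  LOG_LEVEL
loc     net     ACCEPT
$FW     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/snat   (same effect as the MASQUERADE line in the message, written as a network)
#ACTION     SOURCE          DEST
MASQUERADE  172.16.0.0/16   eth1

# /etc/shorewall/rules
#ACTION         SOURCE  DEST    PROTO   DPORT
SSH(ACCEPT)     loc     $FW
Ping(ACCEPT)    loc     $FW
# Send every LAN DNS and NTP request to the router's own daemons, whatever server the
# client asked for. DEST here is the local port on the firewall, DPORT the port the client
# used. REDIRECT also generates the matching ACCEPT, so no separate accept rule is needed.
# (The NTP line is an assumption; the message shows only the port-53 line.)
REDIRECT        loc     53      tcp,udp 53
REDIRECT        loc     123     udp     123
```

Two points worth knowing when using this. First, the redirect works "even if the client requested an outside address" because REDIRECT is a nat-table PREROUTING rule: the kernel rewrites the destination to the address of the interface the packet arrived on, and conntrack un-does that rewrite on the reply, so the client sees an answer apparently coming from the resolver it asked for. It only catches plain port 53 and 123 traffic, though; a client doing DNS over HTTPS (port 443) or DNS over TLS (port 853) bypasses it entirely, so if the malware filtering is the goal you also want to block 853 and accept that DoH cannot be caught this way. Second, to test without locking yourself out, run `shorewall check` to validate the files, then `shorewall try /etc/shorewall 60`: the configuration is loaded and automatically reverted after 60 seconds unless you confirm it is working from your SSH session. `shorewall show nat` (or `iptables -t nat -S PREROUTING`) lets you confirm the REDIRECT rules are actually in place.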