From: Donny Davies
To: gentoo-dev@cvs.gentoo.org
Subject: [gentoo-dev] NAT iptables info
Date: Mon Oct 1 15:02:01 2001
X-Original-Date: Mon, 01 Oct 2001 16:59:08 -0400
Message-ID: <3BB8D91C.C52CDE0C@gentoo.org>

Please search freshmeat for iptables scripts. Please understand that they're mostly just that -- scripts. Mostly they work top-down, with a few variables you can edit applicable to your setup. It's easy enough to understand.

There are a zillion things you can do with the netfilter framework; it's very robust. To provide some kind of gentoo firewall is, hmm, well, silly. It's 100% configuration. This is not the domain of a 'package', 'rpm' or ebuild. It is the domain of a system administrator.
If you are operating a Linux box then you are automatically a system administrator. Cool huh!? :-)

This list is not the place for this type of stuff IMHO. This is not a howto-list. I mean no disrespect. Please don't take any offense.

What gentoo provides is a nice framework for inserting your firewall script into the init system. At least on rc5 there was an initfile specifically for that purpose. Actually we needn't provide any more than just that! I.e.: provide a slot for a firewall script to run. I think the rc5 one ran after all non-local interfaces were brought up; it's been so long since I changed my firewall box that I can't remember anymore :) The nice thing about that approach is that you could always just source it, and run the function it was enclosed in if you needed to run it again. Simple, slick, sufficient.

Please read up on packet filtering. Microsoft Internet Connection Sharing is not a simple hack. It's a lot of work to provide a simple, robust interface to newbies who want to share an internet connection. I would remind you that they basically *didn't* even write it. They bought out the company that *did* write it. It used to be a product called NAT1000 for Windows NT, and sure enough, it started to sell like hotcakes. Naturally, Micro$loth being the anti-competitive juggernaut that it is, swallowed them up, and started tossing it in with Windows 98 Second Edition.

There are simply sooo many different variants of these 'firewall scripts' on freshmeat that it would be silly to try to come up with a 'here, this does it for everybody'. It is the obligation of the system administrator. Again, like I said, it is 100% configuration, with many pieces in the *kernel*. This is not the domain of a 'package'.

If it helps you, I'm personally using a modified version of something I grabbed from freshmeat. Good luck. Of course I'd be willing to send you a copy if you wish.

Cheers

--
Donny