From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 282401381FB for ; Sat, 29 Dec 2012 02:47:52 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 000C0E06B3; Sat, 29 Dec 2012 02:47:31 +0000 (UTC)
Received: from ironport2-out.teksavvy.com (ironport2-out.teksavvy.com [206.248.154.182]) by pigeon.gentoo.org (Postfix) with ESMTP id B9E9EE06B3 for ; Sat, 29 Dec 2012 02:46:17 +0000 (UTC)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgsKAG6Zu09FpaPP/2dsb2JhbABEsnYDgRiBCIIVAQEFOhwzCxgcEhQlN4gOugmLCAJYgUSCPGIDiEKEfIdchV+IOoFYgwc
X-IronPort-AV: E=Sophos;i="4.75,637,1330923600"; d="scan'208";a="210858340"
Received: from 69-165-163-207.dsl.teksavvy.com (HELO waltdnes.org) ([69.165.163.207]) by ironport2-out.teksavvy.com with SMTP; 28 Dec 2012 21:46:16 -0500
Received: by waltdnes.org (sSMTP sendmail emulation); Fri, 28 Dec 2012 21:46:05 -0500
From: "Walter Dnes"
Date: Fri, 28 Dec 2012 21:46:05 -0500
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] IPTABLES syntax change?
Message-ID: <20121229024605.GB5340@waltdnes.org>
References: <20121227004732.GB5854@waltdnes.org> <50DBA7D0.4060800@orlitzky.com> <87zk0zivjk.fsf@einstein.gmurray.org.uk> <20121227231150.GA9864@waltdnes.org> <50DCDEAF.9020002@orlitzky.com> <20121228035937.GA2949@waltdnes.org> <50DD370F.4070509@orlitzky.com>
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <50DD370F.4070509@orlitzky.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Archives-Salt: 20510d8c-6ad4-49dc-9f7f-f1407b6a9c16
X-Archives-Hash: 79fa535afe3c08c31467a5ffdc1e5a9a

On Fri, Dec 28, 2012 at 01:07:11AM -0500, Michael Orlitzky wrote
> On 12/27/2012 10:59 PM, Walter Dnes wrote:
>>
>> Here's my revised "Paranoia Plus" ruleset. Any comments? Because I'm
>> behind a NAT-ing ADSL router/modem, many of my rules rarely see hits.
>> However, I do have a backup dialup connection in case of problems, so
>> most of my rules don't specify the network interface. A couple of
>> notes...
>>
> I did a bunch of inline comments below as I was trying to understand the
> rules. At the end I give the tl;dr, but maybe the inline comments are
> useful too.

Thanks. My ruleset has accumulated years of cruft. I should really sit
down and rewrite the thing from square 1.

I have one comment. You show what appears to be a bash script for
setting up the rules. I work with the contents of file
/var/lib/iptables/rules-save instead.

--
Walter Dnes
I don't run "desktop environments"; I run useful applications