From: Kerin Millar <kerframil@fastmail.co.uk>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] IPTABLES syntax change?
Date: Sat, 29 Dec 2012 03:59:16 +0000 [thread overview]
Message-ID: <50DE6A94.3060904@fastmail.co.uk> (raw)
In-Reply-To: <20121229024605.GB5340@waltdnes.org>
Walter Dnes wrote:
> On Fri, Dec 28, 2012 at 01:07:11AM -0500, Michael Orlitzky wrote
>> On 12/27/2012 10:59 PM, Walter Dnes wrote:
>>> Here's my revised "Paranoia Plus" ruleset. Any comments? Because I'm
>>> behind a NAT-ing ADSL router/modem, many of my rules rarely see hits.
>>> However, I do have a backup dialup connection in case of problems, so
>>> most of my rules don't specify the network interface. A couple of
>>> notes...
>>>
>> I did a bunch of inline comments below as I was trying to understand the
>> rules. At the end I give the tl;dr, but maybe the inline comments are
>> useful too.
>
> Thanks. My ruleset has accumulated years of cruft. I should really
> sit down and rewrite the thing from square 1. I have one comment. You
> show what appears to be a bash script for setting up the rules. I work
> with the contents of file /var/lib/iptables/rules-save instead.
>
Calling iptables repeatedly from a shell script is not advisable. A
better approach is described by Jan Engelhardt in his "Towards the
perfect ruleset" document:
http://inai.de/documents/Perfect_Ruleset.pdf
The method of working with /var/lib/iptables/rules-save is very similar
to that which he describes.
Cheers,
--Kerin
next prev parent reply other threads:[~2012-12-29 4:00 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-27 0:47 [gentoo-user] IPTABLES syntax change? Walter Dnes
2012-12-27 1:43 ` Michael Orlitzky
2012-12-27 11:28 ` Graham Murray
2012-12-27 16:36 ` Michael Orlitzky
2012-12-27 17:52 ` Matthias Hanft
2012-12-27 19:04 ` Michael Orlitzky
2012-12-27 23:11 ` Walter Dnes
2012-12-27 23:50 ` Michael Orlitzky
2012-12-28 3:59 ` Walter Dnes
2012-12-28 6:07 ` Michael Orlitzky
2012-12-28 6:15 ` Michael Orlitzky
2012-12-29 2:46 ` Walter Dnes
2012-12-29 3:59 ` Kerin Millar [this message]
2012-12-29 18:32 ` Walter Dnes
2012-12-29 18:49 ` Jarry
2012-12-30 22:42 ` Michael Orlitzky
2012-12-31 2:55 ` Adam Carter
2012-12-31 3:21 ` Walter Dnes
2013-01-02 21:36 ` Michael Orlitzky
2013-01-03 3:57 ` Pandu Poluan
2013-01-03 4:32 ` Michael Orlitzky
2013-01-04 20:17 ` Walter Dnes
2013-01-04 20:27 ` Michael Mol
2013-01-05 1:29 ` Walter Dnes
2013-01-05 3:26 ` Michael Mol
2013-01-05 11:57 ` Mick
2013-01-06 21:54 ` Walter Dnes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50DE6A94.3060904@fastmail.co.uk \
--to=kerframil@fastmail.co.uk \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox