From: James <wireless@tampabay.rr.com>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: iptables
Date: Fri, 17 Jul 2009 12:13:37 +0000 (UTC)
Message-ID: <loom.20090717T115503-706@post.gmane.org>
In-Reply-To: 60a795cd0907160642x492ef9f3i49bd317b140a38a0@mail.gmail.com
Alejandro <elcorreodeale <at> gmail.com> writes:
> I use APF for all my desktops/servers with Debian and Gentoo;
> it is quite easy and works great. In 10' you have iptables running.
Interesting. I usually hack my rules by hand, as I like to learn
as much as I can about iptables and the ever-changing kernel interaction
issues. In particular, I'm experimenting with embedded and very
lightweight firewall hardware (586 processors).
Do you think APF will allow me to use its front end (GUI) to build
the raw iptables files and then go into them manually, make
edits and changes, and load them manually onto a variety of
lightweight Linux servers and firewalls?
Most of the front-end (GUI) systems for iptables do not simply write
out either the rules one needs (the /var/lib/iptables/rules-save file
contains a form of the rules) or, better yet, act as a front end that
just generates raw rules in iptables format that I can read and add to
my /etc script.
The first few rules in /var/lib/iptables/rules-save look like this:
:INPUT DROP [44:2925]
:FORWARD ACCEPT [117727109:41814106432]
:OUTPUT ACCEPT [75971:11854908]
[8913:443731] -A INPUT -p tcp -m tcp --dport 445 -j DROP
[2629:133240] -A INPUT -p tcp -m tcp --dport 139 -j DROP
[9578:481396] -A INPUT -p tcp -m tcp --dport 135 -j DROP
[1174:49600] -A INPUT -p tcp -m tcp --dport 1433 -j DROP
[23160:1195298] -A INPUT -p tcp -m tcp --dport 25 -j DROP
[198:9532] -A INPUT -p tcp -m tcp --dport 4899 -j DROP
[160198:18547126] -A INPUT -i ! eth2 -j ACCEPT
The corresponding rules from my script look like this:
#!/bin/sh
# Path to the iptables binary; used consistently below so the script does
# not depend on PATH when run from an init script.
iptables="/sbin/iptables"
# Reset the filter table first.
$iptables -F
$iptables -P INPUT ACCEPT
$iptables -P OUTPUT ACCEPT
$iptables -P FORWARD DROP
$iptables -X
# Flush every table and delete all user-defined chains.
$iptables --flush
$iptables -t nat --flush
$iptables -t mangle --flush
$iptables -X
$iptables -t nat -X
$iptables -t mangle -X
# Start from open default policies; the real rules are appended later.
$iptables --policy INPUT ACCEPT
$iptables --policy OUTPUT ACCEPT
$iptables --policy FORWARD ACCEPT
$iptables -t nat --policy PREROUTING ACCEPT
$iptables -t nat --policy OUTPUT ACCEPT
$iptables -t nat --policy POSTROUTING ACCEPT
$iptables -t mangle --policy PREROUTING ACCEPT
$iptables -t mangle --policy OUTPUT ACCEPT
I'm looking for a GUI front end to iptables that generates
the rules in a format you can put directly into a script.
Does APF do this?
Any other package?
James
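A small converter between the two formats contrasted above, added here as an example (it is not code from the original mail, from APF, or from any other package): it reads an iptables-save style dump such as the rules-save excerpt, drops the [packets:bytes] counters, and emits the `$iptables ...` lines a script would contain. The shell variable name `$iptables` is taken from the script above; the sample dump is constructed.

```python
import re

# Constructed sample in iptables-save layout: per-table blocks, chain
# policy lines with counters, counted rules, and a COMMIT per table.
SAMPLE_DUMP = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [44:2925]
:FORWARD ACCEPT [117727109:41814106432]
:OUTPUT ACCEPT [75971:11854908]
:LOGDROP - [0:0]
[8913:443731] -A INPUT -p tcp -m tcp --dport 445 -j DROP
[160198:18547126] -A INPUT -i ! eth2 -j ACCEPT
[0:0] -A LOGDROP -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
[0:0] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# Leading "[pkts:bytes] " counter that iptables-save -c prefixes to rules.
COUNTER_RE = re.compile(r"^\[\d+:\d+\]\s+")


def save_to_script(dump, var="$iptables"):
    """Return a list of shell command lines equivalent to the dump.

    Lines come out in dump order, so they must run after the flush/-X
    block of a script: user chains are created (-N) before rules reference
    them, and policies are set explicitly rather than left at the default.
    """
    lines = []
    table = "filter"
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue  # comments and COMMIT carry no rule
        if line.startswith("*"):
            table = line[1:]  # "*nat" switches the current table
            continue
        tflag = "" if table == "filter" else "-t %s " % table
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            if policy == "-":  # "-" marks a user-defined chain
                lines.append("%s %s-N %s" % (var, tflag, chain))
            else:
                lines.append("%s %s-P %s %s" % (var, tflag, chain, policy))
            continue
        lines.append("%s %s%s" % (var, tflag, COUNTER_RE.sub("", line)))
    return lines


if __name__ == "__main__":
    print("\n".join(save_to_script(SAMPLE_DUMP)))
```

Only the chain, policy and rule text survive; counters are dropped because they are state, not configuration, and would be meaningless on another box.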