public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] iptables
From: Dave @ 2009-07-16  3:32 UTC
  To: gentoo-user

Hello,
	I'm looking for a guide for iptables specifically for gentoo 2.6.
	I was also wondering if anyone was using apf "Advanced Policy
Firewall" on a gentoo 2008.0 2.6 machine?
Thanks.
Dave.

* Re: [gentoo-user] iptables
From: Marco @ 2009-07-16  8:41 UTC
  To: gentoo-user

Hi Dave,

this one is rather informative:

http://www.novell.com/coolsolutions/feature/18139.html

Also, this one from gentoo (although for 2.4) is worth reading:

http://www.gentoo.org/doc/en/articles/linux-24-stateful-fw-design.xml

HTH!

--
Regards,
 Marco



On Thu, Jul 16, 2009 at 5:32 AM, Dave<dave.mehler@gmail.com> wrote:
> Hello,
>        I'm looking for a guide for iptables specifically for gentoo 2.6.
>        I was also wondering if anyone was using apf "Advanced Policy
> Firewall" on a gentoo 2008.0 2.6 machine?
> Thanks.
> Dave.

* Re: [gentoo-user] iptables
From: Marco @ 2009-07-16  8:43 UTC
  To: gentoo-user

Maybe this thread could be helpful as well:

http://marc.info/?l=gentoo-user&m=124058693215810&w=2

--
Regards,
 Marco


On Thu, Jul 16, 2009 at 10:41 AM, Marco<listworks@gmail.com> wrote:
> Hi Dave,
>
> this one is rather informative:
>
> http://www.novell.com/coolsolutions/feature/18139.html
>
> Also, this one from gentoo (although for 2.4) is worth reading:
>
> http://www.gentoo.org/doc/en/articles/linux-24-stateful-fw-design.xml
>
> HTH!
>
> --
> Regards,
>  Marco
>
>
>
> On Thu, Jul 16, 2009 at 5:32 AM, Dave<dave.mehler@gmail.com> wrote:
>> Hello,
>>        I'm looking for a guide for iptables specifically for gentoo 2.6.
>>        I was also wondering if anyone was using apf "Advanced Policy
>> Firewall" on a gentoo 2008.0 2.6 machine?
>> Thanks.
>> Dave.

* Re: [gentoo-user] iptables
From: Alejandro @ 2009-07-16 13:42 UTC
  To: gentoo-user


2009/7/16 Marco <listworks@gmail.com>

> Maybe this thread could be helpful as well:
>
> http://marc.info/?l=gentoo-user&m=124058693215810&w=2
>
> --
> Regards,
>  Marco
>
>
> On Thu, Jul 16, 2009 at 10:41 AM, Marco<listworks@gmail.com> wrote:
> > Hi Dave,
> >
> > this one is rather informative:
> >
> > http://www.novell.com/coolsolutions/feature/18139.html
> >
> > Also, this one from gentoo (although for 2.4) is worth reading:
> >
> > http://www.gentoo.org/doc/en/articles/linux-24-stateful-fw-design.xml
> >
> > HTH!
> >
> > --
> > Regards,
> >  Marco
> >
> >
> >
> > On Thu, Jul 16, 2009 at 5:32 AM, Dave<dave.mehler@gmail.com> wrote:
> >> Hello,
> >>        I'm looking for a guide for iptables specifically for gentoo 2.6.
> >>        I was also wondering if anyone was using apf "Advanced Policy
> >> Firewall" on a gentoo 2008.0 2.6 machine?
> >> Thanks.
> >> Dave.
>

  I use APF for all my desktops/servers with Debian and Gentoo; it is quite
easy and works great. In 10 minutes you have iptables running.


* Re: [gentoo-user] iptables
From: Nevynxxx @ 2009-07-16 14:55 UTC
  To: gentoo-user



Alejandro wrote:
>
>     > On Thu, Jul 16, 2009 at 5:32 AM, Dave<dave.mehler@gmail.com> wrote:
>     >> Hello,
>     >>        I'm looking for a guide for iptables specifically for
>     gentoo 2.6.
>     >>        I was also wondering if anyone was using apf "Advanced
>     Policy
>     >> Firewall" on a gentoo 2008.0 2.6 machine?
>     >> Thanks.
>     >> Dave.
>
>   I use APF, for all my desktop/servers with debian and gentoo, is
> quite easy and works great. In 10' you have iptables running.

I tend to just use webmin. Emerge iptables, emerge webmin, and you get a
nice, easy-to-follow GUI that sets up the iptables rules.



* [gentoo-user] Re: iptables
From: James @ 2009-07-17 12:13 UTC
  To: gentoo-user

Alejandro <elcorreodeale <at> gmail.com> writes:

>   I use APF, for all my desktop/servers with debian and gentoo,
> is quite easy and works great. In 10' you have iptables running.

Interesting. I usually hack my rules by hand, as I like to learn as much
as possible about iptables and the ever-changing kernel interaction
issues. In particular, I'm experimenting with embedded and very
lightweight firewall hardware (586 processors).


Do you think APF will allow me to use its front end (GUI) to build
the raw iptables files, then go into them manually, make edits and
changes, and load them by hand onto a variety of lightweight Linux
servers and firewalls?


Most of the front-end (GUI) systems for iptables do not simply write
out the rules one needs: either a /var/lib/iptables/rules-save style
file, which contains a form of the rules, or, better yet, raw rules in
iptables command format that I can read and add to my /etc script.


/var/lib/iptables/rules-save
The first few rules look like this:


:INPUT DROP [44:2925]
:FORWARD ACCEPT [117727109:41814106432]
:OUTPUT ACCEPT [75971:11854908]
[8913:443731] -A INPUT -p tcp -m tcp --dport 445 -j DROP
[2629:133240] -A INPUT -p tcp -m tcp --dport 139 -j DROP
[9578:481396] -A INPUT -p tcp -m tcp --dport 135 -j DROP
[1174:49600] -A INPUT -p tcp -m tcp --dport 1433 -j DROP
[23160:1195298] -A INPUT -p tcp -m tcp --dport 25 -j DROP
[198:9532] -A INPUT -p tcp -m tcp --dport 4899 -j DROP
[160198:18547126] -A INPUT -i ! eth2 -j ACCEPT



The corresponding rules from my script look like this:

iptables="/sbin/iptables"
# first pass: flush the filter table and reset its policies
$iptables -F
$iptables -P INPUT ACCEPT
$iptables -P OUTPUT ACCEPT
$iptables -P FORWARD DROP
$iptables -X
# full reset: flush and delete user chains in filter, nat and mangle,
# then set every policy to ACCEPT (this also overrides the FORWARD DROP above)
$iptables --flush
$iptables -t nat --flush
$iptables -t mangle --flush
$iptables -X
$iptables -t nat -X
$iptables -t mangle -X
$iptables --policy INPUT   ACCEPT
$iptables --policy OUTPUT  ACCEPT
$iptables --policy FORWARD ACCEPT
$iptables -t nat --policy PREROUTING  ACCEPT
$iptables -t nat --policy OUTPUT ACCEPT
$iptables -t nat --policy POSTROUTING ACCEPT
$iptables -t mangle --policy PREROUTING ACCEPT
$iptables -t mangle --policy OUTPUT ACCEPT
# (mangle INPUT, FORWARD and POSTROUTING keep whatever policy they had)


I'm looking for a GUI front end to iptables that generates
the rules in a format you can put directly into a script.

Does APF do this?

Any other package?


James
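The conversion James is asking for can be done mechanically, because the rules-save format differs from plain iptables command lines only by the *table/COMMIT framing, the ":CHAIN POLICY [pkts:bytes]" chain lines and the leading packet/byte counters on each rule. The script below is an added example written for this page; it is not code from the thread, from APF or from webmin. It parses a constructed iptables-save sample (the rules quoted above, plus an assumed *filter header, a hypothetical user chain "svc-in" and two extra rules so the parser is exercised) and emits the equivalent iptables invocations: "-P" for built-in chain policies, "-N" for user chains before any rule jumps to them, and the rules with counters stripped. It also rewrites the old "-i ! eth2" form as "! -i eth2", since intrapositioned negation is deprecated in current iptables.

```python
"""Turn iptables-save output into plain iptables(8) command lines.

Added example for this page (not code from the thread, APF or webmin).
Reads the rules-save format: '*table' headers, ':CHAIN POLICY [pkts:bytes]'
chain lines, '[pkts:bytes] -A CHAIN ...' rules and 'COMMIT', and prints the
commands you would put in an /etc firewall script.
"""
import shlex
import sys

# Chains iptables creates itself per table; any other chain needs '-N'.
BUILTIN_CHAINS = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
    "raw": {"PREROUTING", "OUTPUT"},
}

# Constructed sample: the rules quoted in the thread, plus an assumed *filter
# header, a hypothetical user chain 'svc-in' and two extra rules.
SAMPLE_SAVE = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [44:2925]
:FORWARD ACCEPT [117727109:41814106432]
:OUTPUT ACCEPT [75971:11854908]
:svc-in - [0:0]
[8913:443731] -A INPUT -p tcp -m tcp --dport 445 -j DROP
[2629:133240] -A INPUT -p tcp -m tcp --dport 139 -j DROP
[160198:18547126] -A INPUT -i ! eth2 -j ACCEPT
[0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[0:0] -A INPUT -j svc-in
[0:0] -A svc-in -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""


def parse_save(text):
    """Return {table: {"chains": [(name, policy)], "rules": [[arg, ...]]}}.

    Counters are discarded. Lines seen before any '*table' header (as in a
    partial paste like the one in the thread) are assumed to be filter rules.
    """
    tables = {}
    table = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]
            tables.setdefault(table, {"chains": [], "rules": []})
            continue
        if line == "COMMIT":
            table = None
            continue
        if table is None:  # partial paste without a header: assume filter
            table = "filter"
            tables.setdefault(table, {"chains": [], "rules": []})
        if line.startswith(":"):
            name, policy, _counters = line[1:].split(None, 2)
            tables[table]["chains"].append((name, policy))
        else:
            if line.startswith("["):  # drop the leading '[pkts:bytes]'
                line = line.split("]", 1)[1]
            tables[table]["rules"].append(shlex.split(line))
    return tables


def normalize_negation(args):
    """Rewrite deprecated '-i ! eth2' (intrapositioned) as '! -i eth2'."""
    out = []
    i = 0
    while i < len(args):
        if args[i].startswith("-") and i + 1 < len(args) and args[i + 1] == "!":
            out.extend(["!", args[i]])
            i += 2
        else:
            out.append(args[i])
            i += 1
    return out


def to_commands(tables, binary="iptables"):
    """Emit one command string per policy, user chain and rule, in load order."""
    cmds = []
    for table, data in tables.items():
        prefix = [binary] if table == "filter" else [binary, "-t", table]
        for name, policy in data["chains"]:
            if name in BUILTIN_CHAINS.get(table, set()):
                cmds.append(prefix + ["-P", name, policy])
            else:
                cmds.append(prefix + ["-N", name])  # must precede '-j name'
        for rule in data["rules"]:
            cmds.append(prefix + normalize_negation(rule))
    return [" ".join(a if a == "!" else shlex.quote(a) for a in c) for c in cmds]


def convert(text, binary="iptables"):
    """Full pipeline: save-format text in, list of iptables command lines out."""
    return to_commands(parse_save(text), binary)


if __name__ == "__main__":
    # usage: python3 save2script.py [/var/lib/iptables/rules-save]
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SAVE
    print("\n".join(convert(src)))
```

On the quoted ruleset the output starts with "iptables -P INPUT DROP", so the generated script carries the default-deny policy of the saved state rather than the ACCEPT-then-explicit-DROP sequence in James's hand-written script. Counters are dropped on purpose; if the goal is only to reload the same ruleset atomically rather than to read and edit it, iptables-restore consumes the save format directly.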





