Re: CONFIG_NETFILTER_ADVANCED


 



David Miller wrote:
From: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
Date: Fri, 16 Nov 2007 13:19:43 +0100 (CET)

Well, anyway, what modules did you have in mind NETFILTER_ADVANCED=n would turn
on?

Basic NAT and connection tracking, nothing else.


That's not very useful without iptables and a couple of matches and
targets to make use of it :)

What I have in mind is roughly:

IPv4/IPv6 conntrack
NAT
ip_tables/ip6_tables
tables: filter, nat
matches: tcpudp, state, limit, hashlimit, policy
targets: LOG, NFLOG, TCPMSS, REJECT, MASQUERADE

That should be enough for a simple firewall script. I'm not sure
whether we should also select helpers though. Maybe the common
ones, like ftp, irc and sip?
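
An added example, not part of the original message or of any kernel code: a small Python audit that reads `iptables-save` output and reports every table, match, or target a ruleset uses beyond the baseline listed above. The sample ruleset is constructed, the `audit` function and set names are hypothetical, and `tcpudp` is expanded to `tcp` and `udp` because that is how `iptables-save` names those matches.

```python
import shlex

# Baseline proposed in the message above for NETFILTER_ADVANCED=n.
TABLES = {"filter", "nat"}
MATCHES = {"tcp", "udp", "state", "limit", "hashlimit", "policy"}
TARGETS = {"LOG", "NFLOG", "TCPMSS", "REJECT", "MASQUERADE"}
# Standard verdicts are not separate target modules.
VERDICTS = {"ACCEPT", "DROP", "RETURN", "QUEUE"}

# Constructed sample in iptables-save format.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:LOGDROP - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m limit --limit 5/min -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -m limit --limit 10/min -j LOG --log-prefix "drop: "
-A LOGDROP -j REJECT --reject-with icmp-port-unreachable
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*mangle
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
"""

def audit(ruleset):
    """Return sorted (table, kind, name) tuples that fall outside the baseline."""
    findings, table, chains = set(), None, set()
    for raw in ruleset.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):            # start of a new table section
            table, chains = line[1:], set()
            if table not in TABLES:
                findings.add((table, "table", table))
        elif line.startswith(":"):          # chain declaration (built-in or user-defined)
            chains.add(line[1:].split()[0])
        else:                               # rule line; shlex keeps quoted prefixes whole
            tokens = shlex.split(line)
            for flag, value in zip(tokens, tokens[1:]):
                if flag in ("-m", "--match") and value not in MATCHES:
                    findings.add((table, "match", value))
                elif flag in ("-j", "--jump", "-g", "--goto") and value not in TARGETS | VERDICTS | chains:
                    findings.add((table, "target", value))
    return sorted(findings)
```

On the constructed sample it reports the `multiport` match and the `mangle` table, while the jump to the user-defined `LOGDROP` chain passes because the chain is declared in the same table.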
