David Miller wrote:
> From: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
> Date: Fri, 16 Nov 2007 13:19:43 +0100 (CET)
>
>> Well, anyway, what modules did you have in mind NETFILTER_ADVANCED=n would turn
>> on?
>
> Basic NAT and connection tracking, nothing else.

That's not very useful without iptables and a couple of matches and
targets to make use of it :)

What I have in mind is roughly:

IPv4/IPv6 conntrack
NAT
ip_tables/ip6_tables
tables: filter, nat
matches: tcpudp, state, limit, hashlimit, policy
targets: LOG, NFLOG, TCPMSS, REJECT, MASQUERADE

That should be enough for a simple firewall script. I'm not sure
whether we should also select helpers though. Maybe the common
ones, like ftp, irc and sip?
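
A check of whether a firewall ruleset stays within the tables, matches and targets proposed in the message above. This is an added example, not part of the original mail. The sample ruleset, the interface name eth0 and the function names are assumptions, and the built-in verdicts ACCEPT, DROP and RETURN are allowed in addition to the listed targets.

```shell
#!/bin/sh
# Added example, not from the original thread. "tcpudp" in the proposal is
# the module that provides the tcp and udp matches used in rules.
ALLOWED_MATCHES="tcp udp state limit hashlimit policy"
# Listed targets plus the built-in verdicts, which need no extra module.
ALLOWED_TARGETS="LOG NFLOG TCPMSS REJECT MASQUERADE ACCEPT DROP RETURN"

# Constructed sample: small gateway ruleset in iptables-restore format (eth0 = WAN, assumed).
simple_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "input-drop: "
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth0 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Reads a ruleset on stdin, prints each table, match or target outside the
# proposed set, and returns non-zero if any was found. Naive whitespace split:
# user-defined chains as -j targets are reported too.
check_ruleset() {
    awk -v m="$ALLOWED_MATCHES" -v t="$ALLOWED_TARGETS" '
    BEGIN { bad = 0
            n = split(m, a, " "); for (i = 1; i <= n; i++) okm[a[i]] = 1
            n = split(t, a, " "); for (i = 1; i <= n; i++) okt[a[i]] = 1 }
    /^\*/ { table = substr($1, 2)
            if (table != "filter" && table != "nat") { print "table " table; bad = 1 } }
    /^-A/ { for (i = 1; i < NF; i++) {
                if ($i == "-m" && !($(i+1) in okm)) { print "match " $(i+1); bad = 1 }
                if ($i == "-j" && !($(i+1) in okt)) { print "target " $(i+1); bad = 1 } } }
    END   { exit bad }'
}

simple_ruleset | check_ruleset && echo "ruleset fits the proposed default set"
```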