Re: CONFIG_NETFILTER_ADVANCED

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Nov 16, 2007 at 01:49:45PM +0100, Patrick McHardy wrote:
> What I have in mind is roughly:
> 
> IPv4/IPv6 conntrack
> NAT
> ip_tables/ip6_tables
> tables: filter, nat
> matches: tcpudp, state, limit, hashlimit, policy
> targets: LOG, NFLOG, TCPMSS, REJECT, MASQUERADE
> 
> That should be enough for a simple firewall script. I'm not sure
> whether we should also select helpers though. Maybe the common
> ones, like ftp, irc and sip?

I'd vote for at least FTP here...most users will use it at
some point (or if they don't, wonder why FTP is broken).

Phil
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux