Re: CONFIG_NETFILTER_ADVANCED

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Phil Oester wrote:
On Fri, Nov 16, 2007 at 01:49:45PM +0100, Patrick McHardy wrote:
What I have in mind is roughly:

IPv4/IPv6 conntrack
NAT
ip_tables/ip6_tables
tables: filter, nat
matches: tcpudp, state, limit, hashlimit, policy
targets: LOG, NFLOG, TCPMSS, REJECT, MASQUERADE

That should be enough for a simple firewall script. I'm not sure
whether we should also select helpers though. Maybe the common
ones, like ftp, irc and sip?

I'd vote for at least FTP here...most users will use it at
some point (or if they don't, wonder why FTP is broken).


I agree. It would be useful if some users of a distribution that
includes a firewall script could check which modules it requires.

-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux