Phil Oester wrote:
> On Fri, Nov 16, 2007 at 01:49:45PM +0100, Patrick McHardy wrote:
>> What I have in mind is roughly:
>>
>> IPv4/IPv6 conntrack
>> NAT
>> ip_tables/ip6_tables
>>   tables: filter, nat
>>   matches: tcpudp, state, limit, hashlimit, policy
>>   targets: LOG, NFLOG, TCPMSS, REJECT, MASQUERADE
>>
>> That should be enough for a simple firewall script. I'm not sure
>> whether we should also select helpers though. Maybe the common
>> ones, like ftp, irc and sip?
>
> I'd vote for at least FTP here...most users will use it at
> some point (or if they don't, wonder why FTP is broken).

I agree. It would be useful if some users of a distribution that
includes a firewall script could check which modules it requires.