This helps a bit, but still way out of my league - there is a lot of stuff to remember. In the many sites, including the one you list below, they talk of various configurations before ever getting to the rules - is this necessary?
i.e.
INET_IP="194.236.50.155"
INET_IFACE="eth0"
INET_BROADCAST="194.236.50.255"
Those are variables in a shell script. Basically they are there to make your life easier when you need to modify something. These two will do the same:
iptables -A INPUT -i eth0 .....

INET_IFACE="eth0"
iptables -A INPUT -i "$INET_IFACE" .....
Then a bunch of modules are loaded....
Most of them you don't need to load by hand (they'll get loaded automatically). There are a few exceptions, such as the ip_nat_ftp module that needs to be loaded explicitly (if you need it, that is).
Are <if_lan>, <net_lan> and <if_inet> reserved commands or do I need to put something in here? I am assuming these are variables and tie in with the above - not sure though.
Those are the places in Rob's examples where you need to fill in your data. For example you would change <if_inet> to eth0 or "$INET_IFACE".
One last thing. Is there a way to block an entire domain, i.e. domain.com, or an entire IP block, i.e. 24.168.1.0/24?
You can block only by IP address (host or network). You can't block by domain name (which would be a useless feature even if it was possible, luring people into a false sense of security).
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
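
The points in this thread (variables at the top of the script, blocking by host or network rather than by name), put together as an added example that is not part of the original message. The function names and the BLOCKED_NETS variable are hypothetical, and the rules are printed for review rather than applied.

```sh
#!/bin/sh
# Added example, not from the thread: settings first, rules generated below.
INET_IFACE="eth0"              # interface name used in the thread
BLOCKED_NETS="24.168.1.0/24"   # space-separated hosts/networks (hypothetical variable)

# Return 0 only for a dotted-quad IPv4 address with an optional /0-32 prefix.
is_ipv4_cidr() {
    addr=${1%%/*}
    case "$1" in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Only digits and dots, and no trailing dot, before splitting on "."
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print (do not run) a DROP rule for one source address or network.
# Names are refused: iptables resolves a hostname given to -s only once,
# when the rule is added, so the rule would not follow later DNS changes.
block_rule() {
    if ! is_ipv4_cidr "$1"; then
        echo "skipping '$1': not an IPv4 host or network" >&2
        return 1
    fi
    echo "iptables -A INPUT -i $INET_IFACE -s $1 -j DROP"
}

# Emit one rule per entry; invalid entries are reported and skipped.
emit_rules() {
    for net in $BLOCKED_NETS; do
        block_rule "$net" || true
    done
}

emit_rules
```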