Re: Starter iptables scripts

On Thursday 2011-05-05 01:19, Andrew Beverley wrote:

>On Wed, 2011-05-04 at 18:01 -0500, Harry Putnam wrote:
>> Setup: Running Gentoo Linux
>>        Iptables and many related parts compiled into kernel
>> 
>> Can anyone offer well used and vouched for URLs to iptables scripts
>> for a starter firewall setup?
>> 
>
>There's plenty of stuff out there if you Google, but if you tell us
>exactly what you want to achieve then we will suggest something.
>
>A good starting point for a basic firewall is to block all incoming
>unrelated requests, but let everything out. Not particularly
>comprehensive, but it may suit your needs:
>
>iptables -A INPUT -i $ext_IF -m state \
>	--state ESTABLISHED,RELATED -j ACCEPT
>iptables -A INPUT -i $ext_IF -j DROP

-m conntrack --ctstate ... it is these days.

And beyond the first, it's all custom in a sense that scripts only
cater for a subset of cases. By the time you configured a frontend
you can end up wanting something that it cannot map, and so, one is
oftentimes better off with just writing the rules oneself, also
because then the amount of autogenerated indirections is none.
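As an added illustration of the two points above (the "block unsolicited inbound, allow outbound" starter policy, written by hand with the current `-m conntrack --ctstate` match rather than the older `-m state`), here is a small POSIX sh script. It is not code from either poster; it assumes the external interface name is passed as the first argument and uses a hypothetical `DRY_RUN` variable to print the rules instead of applying them (applying requires root and a kernel with conntrack support).

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): a minimal hand-written
# starter ruleset for one external interface, using -m conntrack --ctstate.
# Assumptions: $1 is the external interface (e.g. eth0); the hypothetical
# DRY_RUN variable, when set, prints the rules instead of running iptables.

# Emit the rules for the given external interface, one shell command per line.
starter_rules() {
    ext_if="$1"
    # Always accept loopback; local services rely on it.
    printf '%s\n' "iptables -A INPUT -i lo -j ACCEPT"
    # Let replies to connections we initiated (and related traffic such as
    # ICMP errors for them) back in.
    printf '%s\n' "iptables -A INPUT -i $ext_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Packets conntrack cannot classify are dropped explicitly rather than
    # relying on the final catch-all.
    printf '%s\n' "iptables -A INPUT -i $ext_if -m conntrack --ctstate INVALID -j DROP"
    # Everything else unsolicited arriving on the external interface is dropped;
    # OUTPUT is left at its default ACCEPT policy, so outbound traffic flows.
    printf '%s\n' "iptables -A INPUT -i $ext_if -j DROP"
}

# Apply the rules, or only print them when DRY_RUN is set.
apply_starter_rules() {
    if [ -n "${DRY_RUN:-}" ]; then
        starter_rules "$1"
    else
        starter_rules "$1" | sh -e
    fi
}

# Number of rules the generator emits (handy for a quick self-check).
rule_count() {
    starter_rules "$1" | wc -l | tr -d ' '
}

# Run only when an interface name is given on the command line.
if [ $# -gt 0 ]; then
    apply_starter_rules "$1"
fi
```

Usage: `DRY_RUN=1 sh starter.sh eth0` prints the four rules for review; run it as root without `DRY_RUN` to append them to the INPUT chain. Because the rules are plain `iptables` invocations, there is no generated indirection to read through when debugging the chain later with `iptables -L INPUT -v -n`.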
