Firewall Wizards mailing list archives

RE: Dumb newbie question


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 12 Aug 2004 15:49:11 -0400 (EDT)


Howdy Rip et. al.,

I disagree.  I think getting to know the iptables commands as well as all
the add-on modules that are likely built into the kernel on this Debian
system is important, from the command-line perspective rather than with a
sweet GUI hiding the ugly from the user.  The netfilter site has a number
of highly documented rulesets one can use as a guide when building their
own rules.  Reading through these and paying close attention to the
author's documentation for the rules given there is going to give one a
much better understanding of what is going on with the choices one wishes
to make.  It's also going to aid one in trying to find out what is
breaking their connectivity, and fixing those issues, as well as aid one
in adapting to current needs as they arise if one has a decent
understanding of the internals of iptables/netfilter.

Thanks,

Ron DuFresne

On Mon, 9 Aug 2004, Loomis, Rip wrote:

I saw several other responses, but I think that they were
all missing some critical points.
 
I'm just getting into [Debian] Linux and iptables - a definite
newbie! [...] My question is, where is the rule script stored?
I want to start trying my own rules but I don't know where the
file is to modify. 

You've self-assessed as a newbie, but you want to start "trying
your own rules".  Rather than starting by doing iptables rules
directly, I'd recommend that you look at installing a package
that will allow you to specify rules using a syntax that's easier
to comprehend--I've had good results with the "shorewall"
package, but there are other good ones out there.

If you're really interested in security, then installing such
a package (combined with R its FM) will make it easier to construct
a rule set that makes sense.  In my experience, teaching myself
a packet filter by grabbing random rules off webpages and
trying to make soup out of them can have...interesting...results.

YMMV, of course--but based on your self-assessment I wouldn't
recommend just mucking with iptables rules directly.  Not saying
it won't work, but you'd learn more quickly by letting a firewall
package construct a ruleset for you and then going back and
looking at the rules it put together and figuring out what each
rule does.

--
Rip Loomis - SAIC
Brainbench MVP for Internet Security
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

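Both posters end up recommending the same exercise: have a ruleset in front of you and be able to say what every rule does. The script below is an added example, not code from either poster or from the netfilter or shorewall projects; it emits a small, fully commented ruleset in the iptables-save/iptables-restore text format (the form Debian stores rules in, since there is no single "rule script"), saves it to a file, and loads it. The LAN range, the path /etc/iptables.rules, and the use of an `if-pre-up.d` hook to call `apply` at boot are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): a small, fully commented ruleset in
# iptables-save/iptables-restore format, the form Debian uses to store rules
# (there is no single "rule script"; you save this text and load it at boot,
# e.g. from a script in /etc/network/if-pre-up.d/ that runs "apply").
# The LAN range and the storage path are constructed assumptions.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"

# Print the ruleset. Every rule carries a comment saying what it does, which
# is what you want to be able to explain before you load it.
emit_ruleset() {
    cat <<EOF
*filter
# Default deny: anything not explicitly allowed below is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic is local to this host; always allow it.
-A INPUT -i lo -j ACCEPT
# Stateful rule: accept replies to connections this host opened.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# A TCP packet claiming to be NEW but lacking SYN is bogus; drop it.
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# SSH is only accepted from the LAN.
-A INPUT -s ${LAN_NET} -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Answer pings so connectivity can still be diagnosed.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Log (rate limited) what the DROP policy is about to discard; when
# something "breaks", this is the line that tells you which rule did it.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP: "
COMMIT
EOF
}

# Store the ruleset where the boot-time loader can find it.
save_ruleset() { emit_ruleset > "$1"; }

# Number of actual rules (-A lines) in a saved file; comments do not count.
count_rules() { grep -c '^-A ' "$1"; }

# Load a saved file atomically; needs root and a netfilter-enabled kernel.
load_ruleset() { iptables-restore < "$1"; }

case "${1:-}" in
    save)  save_ruleset "$RULES_FILE" ;;
    apply) load_ruleset "$RULES_FILE" ;;
    *)     emit_ruleset ;;       # default: show the rules for review
esac
```

Running it with no argument prints the ruleset for review; `save` writes it to the file and `apply` loads it with iptables-restore, which is also the command to read the output of `iptables-save` from a front-end such as shorewall when you want to see what it built for you.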

