Firewall Wizards mailing list archives
RE: Dumb newbie question
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 12 Aug 2004 15:49:11 -0400 (EDT)
Howdy Rip et al.,

I disagree. I think getting to know the iptables commands, as well as all the add-on modules that are likely built into the kernel on this Debian system, is important, from the command-line perspective rather than with a sweet GUI hiding the ugly from the user. The netfilter site has a number of highly documented rulesets one can use as a guide when building their own rules. Reading through these and paying close attention to the authors' documentation for the rules given there are going to give one a much better understanding of what is going on with the choices one wishes to make. It's also going to aid one in trying to find out what is breaking their connectivity, and fixing those issues, as well as aid one in adapting to current needs as they arise, if one has a decent understanding of the internals of iptables/netfilter.

Thanks,

Ron DuFresne

On Mon, 9 Aug 2004, Loomis, Rip wrote:
> I saw several other responses, but I think that they were all missing some critical points.
>
>> I'm just getting into [Debian] Linux and iptables - a definite newbie! [...] My question is, where is the rule script stored? I want to start trying my own rules but I don't know where the file is to modify.
>
> You've self-assessed as a newbie, but you want to start "trying your own rules". Rather than starting by doing iptables rules directly, I'd recommend that you look at installing a package that will allow you to specify rules using a syntax that's easier to comprehend--I've had good results with the "shorewall" package, but there are other good ones out there. If you're really interested in security, then installing such a package (combined with R its FM) will make it easier to construct a rule set that makes sense.
>
> In my experience, teaching myself a packet filter by grabbing random rules off webpages and trying to make soup out of them can have...interesting...results. YMMV, of course--but based on your self-assessment I wouldn't recommend just mucking with iptables rules directly. Not saying it won't work, but you'd learn more quickly by letting a firewall package construct a ruleset for you and then going back and looking at the rules it put together and figuring out what each rule does.
>
> --
> Rip Loomis - SAIC
> Brainbench MVP for Internet Security
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation."
    -- Johnny Hart

testing, only testing, and damn good at it too!
Current thread:
- Dumb newbie question traef06 RAEF (Aug 06)
- Re: Dumb newbie question Kevin Sheldrake (Aug 06)
- Re: Dumb newbie question Jorge Duarte Rodríguez (Aug 06)
- <Possible follow-ups>
- RE: Dumb newbie question Loomis, Rip (Aug 12)
- RE: Dumb newbie question R. DuFresne (Aug 12)
- Re: Dumb newbie question John Babwell (Aug 16)
- Re: Dumb newbie question Jim Seymour (Aug 20)
- Re: Dumb newbie question Devdas Bhagat (Aug 20)