[plug] ipchains -> iptables

Nathan Alberti macro at nathan.linux-dude.net
Thu Jan 24 22:21:42 WST 2002


iptables and ipchains can either:

1) Be compiled as a module and loaded/unloaded as you wish.

2) Be compiled directly as part of the kernel.

If you are using RH7.2 its likely that iptables is part of the default
kernel.

Regards,

Nathan.


----- Original Message -----
From: "Mark Nold" <markn at enspace.com>
To: <simpware at yahoo.com>
Cc: <plug at plug.org.au>
Sent: Thursday, January 24, 2002 10:14 PM
Subject: [plug] ipchains -> iptables


>
>
> I got started on iptables (with no idea of ipchains) from the
"Masquerading
> Made Simple HOWTO"
>
> I have a hard copy of it, but unfortunatly www.linuxdoc.org seems down (i
> think thats where i got it from)
>
> For dialup ppp it recommended the following. NB: I added the "rmmod
ipchains"
> any idea of how to get rid of the ipchains module... it doesnt appear to
be
> in /etc/modules.conf (Redhat 7.2)
>
> I'm using this whilst digesting the "Security Quick-Start HOWTO for Redhat
> Linux" ... which isnt as quick as says ;)
>
>
>
> #!/bin/sh
> # IP Tables to secure a dialup connection
> ifup ppp0
> rmmod ipchains
> # Fisrt MASQUERADING
> modprobe ipt_MASQUERADE
> iptables -F; iptables -t nat -F; iptables -t mangle -F
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> # Now Secure the interface
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
> iptables -P INPUT DROP
> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
>
>
>



More information about the plug mailing list