[plug] configing iptables

Craig Ringer craig at postnewspapers.com.au
Mon Jul 22 13:15:28 WST 2002


> Yep, tried that one already. Seems to be broken for debian :(.
woody + iptables can be done very cleanly: apt-get install ipmasq then 
override the /etc/ipmasq/rules/I90external rule by copying 
I90external.def to I90external.rul then editing to taste. You seem (from 
below) to have a grasp on iptables command syntax so you should be off.

> To reiterate, I've tried a bunch of firewall scripts and builders and
> none of them do what I want. A lot are broken for debian and a lot can't
> cope with the concept of firewalling ppp0 without ppp0 being up and
> exposed before even talking about it.
Aha. Another ipmasq handy thing: you can have it re-start whenever your 
ppp iface(s) go up/down, updating the ruleset.


> Is that ok? or is there a better way of doing what I want.

What you wrote looks fine to me but I'm no firewall expert. I do think 
that using ipmasq would simplify it as it fits in so well to the debian 
networking etc and is easy to customize just the bits you need to.

-- 
Craig Ringer
GPG Key Fingerprint: AF1C ABFE 7E64 E9C8 FC27  C16E D3CE CDC0 0E93 380D
	-- if it ain't broke, add features 'till it is. (or:)
	while (! broken) { features ++ ; broken = isBroken(features) }




More information about the plug mailing list