[plug] configing iptables
Craig Ringer
craig at postnewspapers.com.au
Mon Jul 22 13:15:28 WST 2002
> Yep, tried that one already. Seems to be broken for debian :(.
woody + iptables can be done very cleanly: apt-get install ipmasq then
override the /etc/ipmasq/rules/I90external rule by copying
I90external.def to I90external.rul then editing to taste. You seem (from
below) to have a grasp on iptables command syntax so you should be off.
> To reiterate, I've tried a bunch of firewall scripts and builders and
> none of them do what I want. A lot are broken for debian and a lot can't
> cope with the concept of firewalling ppp0 without ppp0 being up and
> exposed before even talking about it.
Aha. Another ipmasq handy thing: you can have it re-start whenever your
ppp iface(s) go up/down, updating the ruleset.
> Is that ok? or is there a better way of doing what I want.
What you wrote looks fine to me but I'm no firewall expert. I do think
that using ipmasq would simplify it as it fits in so well to the debian
networking etc and is easy to customize just the bits you need to.
--
Craig Ringer
GPG Key Fingerprint: AF1C ABFE 7E64 E9C8 FC27 C16E D3CE CDC0 0E93 380D
-- if it ain't broke, add features 'till it is. (or:)
while (! broken) { features ++ ; broken = isBroken(features) }
More information about the plug
mailing list