Hi all,
Can someone give me some best-practices for setting up iptables on a
Debian system? I'm looking for things like where should the rules be
placed, what startup script to use [1], good configuration tools [2] and
so on. URLs are appreciated, I don't mind reading :-)
I'm currently setting up iptables on a single-server environment (no
routing), but since I will be using iptables a lot, general concepts are
also welcome.
--
[1] When looking around how to set up iptables, I found in
/etc/default/iptables some discouraging words (apparently from the
author) about the usage of the iptables init.d script, which can be
summarized to this: "Do not use it". Why not? And if not, is there any
other way?
[2] I tried firestarter, seems nice. However, it produces a large
ruleset with tons of redundant rules and /proc optimizations (for
instance, the anti-spoof filtering is activated by default). It involves
too much editing, which I have no problem doing if someone tells me
it's worth it.
Thanks in advance,
~kmag
Costas Magkos
Internet Systematics Lab
Athens, Greece