On Thu, 2002-04-11 at 23:58, Rob Gillen wrote:
> I'm pretty sure that most of what ICS accomplishes is done through
> iptables, and from what I saw not in too secure a manner (at least it
> doesn't in the "high" level security setting). For the most part, if
> you know what you are doing, you can replace /etc/rc.d/rc.firewall
> script with your own. I'm not too sure how the Mandrake configuration
> tools are affected by such a move (I find GUI tools sometimes
> frustrating), but I haven't had any problems so far -- probably
> because I haven't tried to further alter anything with the tools.
>
> FYI, one of the nicer iptables firewalling scripts I've found for a
> connection-sharing gateway machine can be obtained here:
>
> http://www.linuxguruz.org/iptables/scripts/rc.firewall_023.txt
>
> You can find a lot of other good scripts at the same site
> (http://www.linuxguruz.org/iptables) which makes it a great site for
> studying how to configure packet filtering and NAT. For those
> familiar with shell scripting, the above script should be pretty
> self-explanatory (it actually has decent comments embedded for your
> learning pleasure), and with a few mods here and there, you should be
> able to generate a halfway decent firewall. Note that this one allows
> external machines to ping the firewall, which I prefer to disable.
> Please make sure that you review these scripts and understand them
> before blindly using them! It is probably wise to just use them as a
> guide to writing your own script.
>
> Finally, a few good places to test your firewall configuration after
> you have it set:
>
> http://www.dslreports.com/tools
> http://crypto.yashy.com/nmap.php
> https://secure1.securityspace.com/smysecure/norisk_index.html
>
> Happy firewalling!
>
> ROB

Thanks, Rob! That looks exactly like what I was looking for; I can't wait to start experimenting.

I've got a question, tho... have you encountered a situation yet where a GUI config app thought it required ipchains for something, and it tried to install ipchains rpms even though iptables was there and fully functional? Are there "bad things" that happen when this occurs? It's happened here, but things still work.

I've been of a mind to rid the system of all ipchains rpm debris and rely totally on the very capable iptables system, but there do seem to be certain parts of Mandrake control center that think they need ipchains. I'm curious as to the "official" way to handle this; otherwise it looks like a choice between the GUI and the command line; i.e., manual /etc/rc.d/rc.firewall editing vs MCC, but not both. (?)

Thanks for the info,

LX
--
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
Kernel 2.4.8-26mdk
Mandrake Linux 8.1
Enlightenment 0.16.5
Evolution 1.02
Registered Linux User #268899 http://counter.li.org/
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°