Hello,

This is my first post :^), so I thought I'd just toss this out.

For those of you playing with the new 2.4 Linux Kernels you'll notice that
the main firewall software for Linux will be changing quite a bit.
For those not familiar, the new binary is called iptables, pretty neat
program. I've spent the last few weeks getting it working, testing things
out, etc.

Here's a rulelist I wrote to test some things, it's a basic dual-homed
configuration: http://www.sentry.net/~obsid/IPTables/

I threw quite a bit of details (some redundant) into the script mainly for
testing.  I'd be interested in hearing any comments.  My main platform is
just Slackware 7, using the linux-2.4.0-test1, test2, and test4 kernels.
Netfilter seems to have some pretty cool advantages over IPchains, solves
a lot of problems. Here are a couple interesting things off the top of my
head:

- New NAT stuff, SNAT (masquerading), DNAT, etc.  Different than IPChains,
but it makes more sense once you get used to it.
- Passive/Active FTP (without a DMZ) INPUT/OUTPUT is not a problem.
- You can "redirect" traffic internally and externally on a dual-homed
firewall, if you really really want to.
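For readers who have not seen the three NAT targets the list above refers to, here is a small dual-homed ruleset that puts SNAT, DNAT and REDIRECT next to each other, together with the FTP helper modules that let passive and active FTP pass through NAT. This is an added example written for this page, not Obsid's script from the URL above; the interface names (eth0/eth1), the addresses (203.0.113.1, 192.168.1.0/24, 192.168.1.10) and the proxy port 3128 are constructed placeholders. By default it only prints the commands it would run; set DRY_RUN=0 to actually apply them as root.

```shell
#!/bin/sh
# Added example (not the original poster's script): a minimal dual-homed
# ruleset showing the three netfilter NAT features the post lists,
# SNAT/masquerading, DNAT and REDIRECT, plus the FTP helper modules that
# make passive/active FTP work through NAT. Interface names and addresses
# below are constructed placeholders; adjust them before use.
# Default is a dry run that prints the commands; DRY_RUN=0 applies them.

DRY_RUN="${DRY_RUN:-1}"
IPT="${IPT:-iptables}"

EXT_IF=eth0                 # interface facing the Internet (assumed)
INT_IF=eth1                 # interface facing the LAN (assumed)
EXT_IP=203.0.113.1          # public address of the firewall (documentation range)
LAN=192.168.1.0/24          # internal network (assumed)
WEB_SERVER=192.168.1.10     # internal host published via DNAT (assumed)
PROXY_PORT=3128             # local port a transparent proxy would listen on (assumed)

# fw: run iptables, or print the command when dry-running.
fw() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Load the 2.4-era FTP connection-tracking and NAT helpers so the data
# connection is recognised as RELATED to the control connection.
# (On newer kernels the modules are nf_conntrack_ftp and nf_nat_ftp.)
load_helpers() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "modprobe ip_conntrack_ftp"
        echo "modprobe ip_nat_ftp"
    else
        modprobe ip_conntrack_ftp && modprobe ip_nat_ftp
    fi
}

flush_all() {
    fw -F
    fw -t nat -F
    fw -X
}

nat_rules() {
    # SNAT: rewrite the LAN's source address to the firewall's public IP.
    # MASQUERADE does the same but looks the address up per packet, which
    # is what you want on a dynamically addressed link.
    fw -t nat -A POSTROUTING -s "$LAN" -o "$EXT_IF" -j SNAT --to-source "$EXT_IP"
    # DNAT: publish the internal web server on the external address.
    fw -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 80 -j DNAT --to-destination "$WEB_SERVER:80"
    # REDIRECT: divert LAN web traffic to a local port on the firewall itself.
    fw -t nat -A PREROUTING -i "$INT_IF" -p tcp --dport 80 -j REDIRECT --to-port "$PROXY_PORT"
}

filter_rules() {
    # Default deny on every chain; everything below is an explicit allow.
    fw -P INPUT DROP
    fw -P FORWARD DROP
    fw -P OUTPUT DROP
    # Anti-spoofing first: a LAN source address never arrives on the outside interface.
    fw -A INPUT -i "$EXT_IF" -s "$LAN" -j DROP
    fw -A FORWARD -i "$EXT_IF" -s "$LAN" -j DROP
    # Loopback and replies to connections the firewall opened itself.
    fw -A INPUT -i lo -j ACCEPT
    fw -A OUTPUT -o lo -j ACCEPT
    fw -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    fw -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # REDIRECTed LAN traffic lands on INPUT at the proxy port after the NAT step.
    fw -A INPUT -i "$INT_IF" -s "$LAN" -p tcp --dport "$PROXY_PORT" -j ACCEPT
    # Forwarding: the LAN may open new connections outward; replies (including
    # FTP data connections, tagged RELATED by the helper) are allowed back in.
    fw -A FORWARD -i "$INT_IF" -s "$LAN" -o "$EXT_IF" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    fw -A FORWARD -i "$EXT_IF" -o "$INT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # From outside, only the DNATed port may reach the web server.
    fw -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$WEB_SERVER" -p tcp --dport 80 -m state --state NEW -j ACCEPT
}

apply_all() {
    load_helpers
    flush_all
    nat_rules
    filter_rules
}

apply_all
```

The `-m state` match is the 2.4 spelling; it still works with iptables-legacy today, though current kernels prefer `-m conntrack --ctstate`. Note the ordering inside FORWARD: the anti-spoofing drop sits before the DNAT accept so that a packet from outside claiming a LAN source cannot ride the published port into the web server.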

I've been running NAT only on the router for the last couple weeks without
any major problems.  The kernels are a different story... but they're
getting better.

Here's the home page for the Netfilter Project for those interested:
http://netfilter.kernelnotes.org/

Obsid


Quick note for those who haven't heard of Netfilter:
Most people I mention this to have a similar reaction, something like,
"Dood, why are they always changing the name and stuff, it's confusing..."
I had the same reaction. First, if you've used IPChains, IPTables isn't
that much different in regard to syntax.  It is quite a different program
however. And second, don't panic, you can still use IPChains, and ipfwadm,
in the 2.4 kernels.  So, dude, just go with it, man.
