Hello, Well, after much reading and studying of iptables, I have written different rules for different workstations and firewalls. It's time to begin testing.
Question 1: I'm planning on using nmap and nessus to test from the outside(internet) inward). On the inside I plan on using snort, an monitoring the various log files. Any further suggestions on testing? Although I have read quite a lot, including the most excellent, just published book, "Linux Firewalls" third edition, I'm still not quite clear about some iptables details on Gentoo: Question 2: /etc/init.d/iptables is the startup script. Take Care not to change this script unless absolutely necessary. /etc/conf.d/iptables is the configuration file for default file names and options. Make my modifications here, if I want something different other than the default gentoo iptables setup. /etc/init.d/firewall is the default file where where you put your rules you have written or grabbed elsewhere and modified to meet your specific needs. /var/lib/iptables/rules-save is the file that will save out from kernel memory the actual rulesets being used. This file is also reloaded as necessary. Avoid direct modifications to this. Is this explanation correct? Did I miss something or get something confused. I could not really find any documentation on this, so much was inference from various linux sites, some very old, and a few gentoo specific sites. Assuming this is correct, I have seen many command line options and differing recommendations on how to modify the rules and when to save them out and to what file. Any details one can provide, that are gentoo specific, are most welcome. James James -- gentoo-user@gentoo.org mailing list
