IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Linux Forum / Eh?
Post #209,483
by pwhysall
Picture of pwhysall
6/2/05 12:31:28 AM
Reply
New Eh? 
 Description: Linux kernel 2.4+ iptables administration tools\n netfilter and iptables provide a Linux kernel framework for\n stateful and stateless packet filtering, network and port addresss\n translation, and other IP packet manipulation. The framework is the\n successor to ipchains.\n \n netfilter and iptables are used in applications such as Internet\n connection sharing, firewalls, IP accounting, transparent proxying,\n advanced routing and traffic control.\n  \n iptables web site: [link|http://www.iptables.org/|http://www.iptables.org/]


That's on my Ubuntu box (tracking Breezy). What's yours say?

To answer your question: iptables is the current state of the art in Linux firewalling.



Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
Post #209,499
by static
Picture of static
6/2/05 12:50:46 AM
Reply
New Have a look at its documentation.
The file /usr/share/doc/iptables/README.Debian refers several times to the "deprecated script in init.d" and /etc/default/iptables tells the reader twice and quite pointedly "Do not use it."

I know iptables is the mutt's nuts of firewalling in Linux - but why the rubbish about a nice simple init.d script - that they supply! - that saves and loads 'em? It's a bit like sendmail.cf all over again: "Don't play in there, it's too complex, you won't understand it. Go configure it with these other macros over here which can probably do most of what you'll want."

Wade.
Save Fintlewoodlewix
Post #209,500
by pwhysall
Picture of pwhysall
6/2/05 12:54:35 AM
Reply
New Ah, I see your point.
Yeah, that's silly.

"here's a script. don't use it."

Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
Post #209,786
by scoenye
6/3/05 2:19:52 PM
Reply
New That refers to the script only
There is nothing wrong with iptables. They just didn't want to take on the responsibility for your firewall rules.
Post #209,973
by static
Picture of static
6/5/05 11:12:36 PM
Reply
New Yes, I know it's just the script.
It's as Peter said: "Here's a script; don't use it." WTF?

I might drop the guy an email and suggest a better way to word that document. It's currently very odd.

Wade.
Save Fintlewoodlewix
     Firewalling question for Debian Sarge. - (static) - (6) - June 1, 2005, 11:04:31 PM EDT
         Eh? - (pwhysall) - (4) - June 2, 2005, 12:31:28 AM EDT
             Have a look at its documentation. - (static) - (3) - June 2, 2005, 12:50:46 AM EDT
                 Ah, I see your point. - (pwhysall) - June 2, 2005, 12:54:35 AM EDT
                 That refers to the script only - (scoenye) - (1) - June 3, 2005, 02:19:52 PM EDT
                     Yes, I know it's just the script. - (static) - June 5, 2005, 11:12:36 PM EDT
         apt-get install fwbuilder - (folkert) - June 2, 2005, 01:06:03 PM EDT

Running on an Atari 800 with two extra 16KB memory banks.
43 ms