From: "John A. Sullivan III" <John.Sullivan@nexusmgmt.com>
To: Payal Rathod <payalrathod@gmail.com>
Cc: netfilter <netfilter@lists.netfilter.org>
Subject: Re: user defined chains
Date: Mon, 12 Jul 2004 15:51:14 -0400
Message-ID: <40F2EBB2.7040709@nexusmgmt.com>
In-Reply-To: <f51b72bc040712114970f47399@mail.gmail.com>

Payal Rathod wrote:
> Hi,
> If I want to design a firewall for a network on a high end machine
> with a lot of RAM and swap, is there any real use of user defined
> chains? I find them difficult so I would like to use only the built-in
> chains. Is that ok?
>
> With warm regards,
> -Payal

It may be OK but you will severely limit what you can do. If your
security environment is simple, that will be fine. If it is not, user
defined chains are a real blessing. We use them extensively in the ISCS
project (http://iscs.sourceforge.net) to handle very complicated and
frequently changing security configurations. In fact, they are the
entire key to our access control magic and much of our automated NAT
configuration.

Again, unless your environment is very simple, it is probably well worth
your time to become very familiar with user defined chains. Oskar
Andreasson has an excellent tutorial in the tutorials section of
http://www.netfilter.org and there are training slide shows in the
training section on the ISCS web page. Good luck - John

--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net