From: Aleksandar Milivojevic <amilivojevic@pbl.ca>
To: netfilter@lists.netfilter.org
Subject: Re: Iptables
Date: Tue, 28 Sep 2004 09:09:13 -0500 [thread overview]
Message-ID: <41597089.9050900@pbl.ca> (raw)
In-Reply-To: <MAIL5urjNnTNG33J7pq00000024@mail.netscan.ca>
Contact wrote:
> This helps a bit, but still way out of my league - there is a lot of stuff
> to remember. In the many sites, including the one you list below, they talk
> of various configurations before ever getting to the rules - is this
> necessary?
>
> i.e.
>
> INET_IP="194.236.50.155"
> INET_IFACE="eth0"
> INET_BROADCAST="194.236.50.255"
Those are variables in shell script. Basically they are there to make
your life easier when you need to modify something. These two will do
the same:
iptables -A INPUT -i eth0 .....
INET_IFACE="eth0"
iptables -A INPUT -i "$INET_IFACE" .....
> Then a bunch of modules are loaded....
Most of them you don't need to load by hand (they'll get loaded
automatically). There are few exceptions, such as ip_nat_ftp module
that needs to be loaded explicitly (if you need it, that is).
> Are <if_lan>, <net_lan> and <if_inet> reserved commands or do I need to put
> something in here. I am assuming these are variables and tie in with the
> above - not sure though.
Those are the places in Rob's examples where you need to fill in your
data. For example you would chage <if_inet> to eth0 or "$INET_IFACE".
> One last thing. Is there a way to block an entire domain i.e. domain.com or
> an entire IP block i.e 24.168.1.0/24.
You can block only by IP address (host or network). You can't block by
domain name (which would be an useless feature even if it was possible,
lurking people into false sense of security).
--
Aleksandar Milivojevic <amilivojevic@pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
next prev parent reply other threads:[~2004-09-28 14:09 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-28 5:07 Iptables Contact
2004-09-28 5:25 ` Iptables Rob Sterenborg
2004-09-28 8:19 ` Iptables Contact
2004-09-28 14:04 ` Iptables Jason Opperisano
2004-09-28 14:09 ` Aleksandar Milivojevic [this message]
2004-09-28 10:36 ` Iptables John A. Sullivan III
2004-09-28 14:27 ` Iptables Jose Maria Lopez
-- strict thread matches above, loose matches on Subject: below --
2012-04-14 12:20 IPTables nullv
2012-04-13 23:54 IPTables nullv
2012-04-14 9:35 ` IPTables Amos Jeffries
2012-04-13 23:53 IPTables nullv
[not found] <047d7b10cb31c8716404bd5f56a7@google.com>
[not found] ` <e89a8ff2474fc99c5604bd608a88@google.com>
2012-04-11 13:06 ` IPTables Ethy H. Brito
2012-04-11 3:03 IPTables Al Grant
2012-04-11 3:45 ` IPTables Ethy H. Brito
2012-04-11 6:33 ` IPTables John Lister
[not found] <BANLkTi=G1ecs9wx+QgAcUphK2-jg60nbAw@mail.gmail.com>
2011-06-02 11:47 ` Iptables Pablo Neira Ayuso
2009-04-27 8:05 iptables Manu
2009-04-29 20:32 ` iptables Jan Engelhardt
2009-05-05 13:38 ` iptables Patrick McHardy
2009-05-05 19:26 ` iptables Jan Engelhardt
2009-05-06 7:53 ` iptables Manu
2008-01-13 18:53 Can't set up transparent proxy on XO laptop P Zemlja
2008-01-13 22:44 ` G.W. Haywood
2008-01-14 7:45 ` iptables sa
2008-01-14 9:17 ` iptables G.W. Haywood
2008-01-15 13:12 ` iptables sa
2008-01-15 14:54 ` iptables G.W. Haywood
2006-10-19 5:08 IPTABLES tarak
2005-06-19 2:17 iptables s s
2005-05-19 17:45 Iptables Chadley Wilson
2005-05-19 19:33 ` Iptables Jason Opperisano
2005-05-19 20:13 ` Iptables Chadley Wilson
2005-05-19 21:43 ` Iptables Jason Opperisano
2005-05-20 5:38 ` Iptables Chadley Wilson
2005-05-20 5:50 ` Iptables Jason Opperisano
2005-05-20 6:04 ` Iptables Rob Sterenborg
2005-05-20 6:26 ` Iptables Rob Sterenborg
2005-05-18 21:04 Iptables Limbert Fuentes Quiroga
2005-01-31 11:31 iptables Alabama
2005-01-31 12:02 ` iptables John A. Sullivan III
[not found] ` <5.2.0.9.0.20050131135158.02a9dec0@poczta.interia.pl>
2005-01-31 13:18 ` iptables John A. Sullivan III
2005-01-31 11:16 iptables Andrzej
2004-11-29 14:58 iptables MANJUNATH
2004-06-19 23:02 Iptables Xiaofang Chen
2004-06-21 18:26 ` Iptables Ian Pratt
2004-05-27 17:51 iptables Alejandro Cabrera Obed
2004-02-27 2:23 iptables mustafa hassan
[not found] <20040205052840.10884.25667.Mailman@netfilter-sponsored-by.noris.net>
2004-02-09 4:48 ` iptables VeNoMouS
2004-02-14 20:17 ` iptables Harald Welte
2004-01-31 8:39 Iptables Ivan Zagvozkine
2004-01-28 11:12 Iptables jean-francois fleury
2004-01-28 13:25 ` Iptables Jeffrey Laramie
2004-01-16 22:36 iptables Wilmar jose wagner
2004-01-22 22:33 ` iptables Pablo Neira
2003-05-26 13:34 iptables Wan System S.R.L.
2003-05-26 15:27 ` iptables Pedro C. Arias
2003-04-28 18:29 IPTABLES lfps
2003-04-23 5:17 iptables Star Fire
2003-02-27 18:04 iptables Guss
2003-01-19 17:30 iptables VASIF MUSAOGULLARI
2003-01-21 11:42 ` iptables Erdal Mutlu
2003-01-17 9:20 IPtables Jet
2002-11-18 22:30 iptables Alexandre Carlos
2002-10-17 23:25 IPtables Alexandre Carlos
2002-06-28 13:28 iptables luigicart
2002-06-28 13:45 ` iptables Antony Stone
2002-06-28 13:48 ` iptables Tom Eastep
2002-06-28 14:00 ` iptables Joe Patterson
2002-06-18 21:06 iptables Russell Coker
2002-06-20 12:44 ` iptables Stephen Smalley
2002-06-13 9:03 Iptables Paulo Andre
2002-06-11 2:24 iptables Matthew Hellman
2002-06-10 14:06 iptables Paulo Andre
2002-06-10 19:27 ` iptables Antony Stone
2002-06-11 2:23 ` iptables Matthew Hellman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41597089.9050900@pbl.ca \
--to=amilivojevic@pbl.ca \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.