From: "Gáspár Lajos" <swifty@freemail.hu>
To: Idgarad <idgarad@gmail.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Fwd: Critque of IPTables Firewall
Date: Fri, 13 Oct 2006 10:34:09 +0200 [thread overview]
Message-ID: <452F4F81.5050200@freemail.hu> (raw)
In-Reply-To: <f22ceeb10610110657x24d2979bxeb3f0e2e08f9ae11@mail.gmail.com>
Idgarad wrote:
> There are many guides on how to write a firewall script functionally,
> but form is disregarded. Is the following a decent, well written
> firewall (Form, not function)? Is it clear and easy to follow? In
> the event that I get hit by a bus would someone else with IPTables
> experience be able to pick up where I left off?
Hopefully an experienced firewall professional would understand it... :)
Not because it is too complicated, but not everyone uses the same
programming techniques and style.
> Has anyone from the Netfilter's list thought about writing a
> Best-Practices guide not from the functional side, but rather the form
> side of writing IPTABLES scripts and what not?
Well... I published my firewall script two months ago...
( https://lists.netfilter.org/pipermail/netfilter/2006-August/066404.html )
Let me quote Jan Engelhardt's reply:
"No one ever reads through that mess, really. There are so many scripts floating
around, the number is just too outstanding, and it makes one tired after a while.
Jan Engelhardt"
Well... I think this is okay but anyway I would be glad if a guide would exist.
So I am a bit interested ...
For example I would propose the following format:
iptables -t <table> <command> -j <jump_target> [filters]
table: mangle, nat, filter...
command: -A, -I, -P...
jump_target: ACCEPT, DROP ...
filters: -p tcp, -p tcp -s 192.168.0.1....
There could be other rules like separating the tables and so on...
Swifty
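As an added illustration of the format proposed above (example code, not the author's script nor anything from the thread), a small firewall script in which every rule passes through one emitter function so the argument order is always table, command, jump target, filters. It assumes a <chain> slot after <command>, since -A/-I/-P need one, and the interface and address values are constructed samples.

```shell
#!/bin/sh
# Added example: every rule goes through rule(), so the order is always
#   iptables -t <table> <command> <chain> -j <jump_target> [filters]
# The <chain> slot is an assumption added here (the proposal omits it).
# Dry run by default: RUN=echo prints the rules instead of applying them.
# Run as root with RUN= (empty) to apply them for real.
RUN="${RUN-echo}"

rule() {
    _table=$1; _cmd=$2; _chain=$3; _target=$4; shift 4
    $RUN iptables -t "$_table" "$_cmd" "$_chain" -j "$_target" "$@"
}

policy() {           # chain policy: -P takes the target positionally
    $RUN iptables -t "$1" -P "$2" "$3"
}

build_firewall() {
    LAN=192.168.0.0/24          # constructed sample network, adjust to taste

    # ---- filter table: default deny inbound, allow what we need ------
    policy filter INPUT   DROP
    policy filter FORWARD DROP
    policy filter OUTPUT  ACCEPT
    rule filter -A INPUT ACCEPT -i lo
    rule filter -A INPUT ACCEPT -m state --state ESTABLISHED,RELATED
    rule filter -A INPUT ACCEPT -p tcp --dport 22 -s "$LAN"
    rule filter -A INPUT LOG    -m limit --limit 5/min --log-prefix "fw-drop: "
    rule filter -A INPUT DROP

    # ---- nat table -----------------------------------------------------
    rule nat -A POSTROUTING MASQUERADE -o eth0 -s "$LAN"
}

build_firewall
```

Because the emitter is the only place that knows the argument order, a later maintainer can change the convention in one line instead of editing every rule.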