From: "Gáspár Lajos" <swifty@freemail.hu>
To: gabrix <gabrix@gabrix.ath.cx>
Cc: netfilter <netfilter@lists.netfilter.org>
Subject: Re: my script !
Date: Fri, 27 Oct 2006 09:42:19 +0200
Message-ID: <4541B85B.5060409@freemail.hu>
In-Reply-To: <45411A9A.6080509@gabrix.ath.cx>

Interesting... :)

Take a look at my script also... :)

Swifty

gabrix wrote:
> I would like your opinion on my firewall script. I will also list all
> services available on each machine in the LAN and how the LAN is configured...
> keep tight !!!
> my lan :
>   
...
>> #!/bin/bash -x
>>
>>
>> # LOAD MODULES
>> modprobe ip_conntrack_ftp
>> modprobe ip_nat_ftp
>> modprobe ip_conntrack_irc
>> modprobe ip_nat_irc
>>
>> # SOME VARIABLES TO START WITH
>> NET1=192.168.0.0/16
>> NET2=192.168.0.0/30
>> NET3=192.168.1.0/29
>> NET4=192.168.1.0/24
>> ROUT=192.168.0.1/32
>> ARG0=192.168.0.2/32
>> ARG1=192.168.1.1/32
>> WWW=192.168.1.4/32
>> MAIL=192.168.6/32
>> MAC=192.168.0.3/32
>> DNS1=85.37.17.11/32
>> DNS2=85.38.28.69/32
>> IPT=/sbin/iptables
>> IF0=eth0
>> IF1=eth1
>>
>> # FLUSH
>> echo "0" > /proc/sys/net/ipv4/ip_forward
>>
>> $IPT -P INPUT ACCEPT
>> $IPT -P FORWARD ACCEPT
>> $IPT -P OUTPUT ACCEPT
>>     
Policy: ACCEPT
>> $IPT -t nat -P PREROUTING ACCEPT
>> $IPT -t nat -P POSTROUTING ACCEPT
>> $IPT -t nat -P OUTPUT ACCEPT
>> $IPT -t mangle -P PREROUTING ACCEPT
>> $IPT -t mangle -P POSTROUTING ACCEPT
>> $IPT -t mangle -P INPUT ACCEPT
>> $IPT -t mangle -P OUTPUT ACCEPT
>> $IPT -t mangle -P FORWARD ACCEPT
Default policy is always ACCEPT....
>> $IPT -F
>> $IPT -t nat -F
>> $IPT -t mangle -F
>> $IPT -X
>> $IPT -t nat -X
>> $IPT -t mangle -X
>>
>> # DEFAULTS
>> $IPT -P INPUT DROP
>> $IPT -P OUTPUT DROP
>> $IPT -P FORWARD DROP
>>     
Policy: DROP

Why ACCEPT before, and DROP now?
>> $IPT -t mangle -P PREROUTING ACCEPT
>> $IPT -t mangle -P OUTPUT ACCEPT
>> $IPT -t nat -P PREROUTING ACCEPT
>> $IPT -t nat -P POSTROUTING ACCEPT
>> $IPT -t nat -P OUTPUT ACCEPT
>>
>>
>>     
Default policy
>> # FREE_LOCALHOST
>> $IPT -A INPUT -j ACCEPT -i lo
>> $IPT -A INPUT -j ULOG --ulog-prefix "LOCAL_SPOOF:" -i ! lo -s 127.0.0.1/255.0.0.0
>> $IPT -A INPUT -j DROP -i ! lo -s 127.0.0.1/255.0.0.0
>> $IPT -A OUTPUT -j ACCEPT -o lo
>>
>>
>> # LAN eth0
>> $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>> $IPT -A INPUT -i $IF0 -s $NET2 -j ACCEPT
>> $IPT -A INPUT -i $IF0 -s $MAC -j ACCEPT
>> $IPT -A INPUT -i $IF0 -s $NET1 -j ULOG --ulog-prefix " ### ETH0__SPOOF:"
>> $IPT -A INPUT -i $IF0 -s $NET1 -j DROP
>>
>> # LAN eth1
>> $IPT -A INPUT -i eth1 -s 192.168.1.0/29 -j ACCEPT
>>
>> ##
>> WW=135,136,137,138,139,445
>> $IPT -t nat -I PREROUTING -p tcp -i $IF0 -d $ARG0 -m multiport --dport $WW -j DROP
>> $IPT -t nat -I PREROUTING -p udp -i $IF0 -d $ARG0 -m multiport --dport $WW -j DROP
>>
>> # MSSQL
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp --dport 1433:1434 -m limit -j ULOG --ulog-prefix "Firewalled packet: MSSQL "
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp --dport 1433:1434 -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p udp --dport 1433:1434 -m limit -j ULOG --ulog-prefix "Firewalled packet: MSSQL "
>> $IPT -t nat -I PREROUTING -i $IF0 -p udp --dport 1433:1434 -j DROP
>>
>> # Traceroutes depend on finding a rejected port.  DROP the ones it uses
>> $IPT -t nat -I PREROUTING -i eth0 -p udp --dport 33434:33523 -j ULOG --ulog-prefix "TRACEROUTE_UDP:"
>> $IPT -t nat -I PREROUTING -i eth0 -p udp --dport 33434:33523 -j DROP
>>
>>
>> # GNUTELLA NETWORK
>> $IPT -t nat -I PREROUTING -i $IF0 -p udp --dport 6346:6348 -d $NET2 -j DROP
>>
>> # PORTS_BLACK_LIST
>> PBL=1024,1025,1026,1027,33058,34120,40193
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 -m multiport --dports $PBL -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p udp -d $NET2 -m multiport --dports $PBL -j DROP
>>
>> # UDP Traceroute
>> $IPT -t nat -I PREROUTING -i $IF0 -p udp -d 192.168.0.0/16 --dport 33434:33523 -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p udp -d 192.168.0.0/16 --dport 33434:33523 -j ULOG --ulog-prefix "UDP_TRACEROUTES :"
>>
>>
>> #-----------------------------------------------------------------------------------#
>> #                                  ICMP TYPES                                       #
>> #-----------------------------------------------------------------------------------#
>> #                                                                                   #
>> #    0 = Echo Reply, what gets sent back after a type 8 is received here            #
>> #    3 = Destination Unreachable (inbound) or Fragmentation Needed (out) [RFC792]   #
>> #    4 = Source Quench tells sending IP to slow down its rate to destination        #
>> #    5 = Redirect [RFC792]                                                          #
>> #    6 = Alternate Host Address                                                     #
>> #    8 = Echo Request used for pinging hosts, but see the note above                #
>> #    9 = Router Advertisement [RFC1256]                                             #
>> #   10 = Router Selection [RFC1256]                                                 #
>> #   11 = Time Exceeded used for traceroute (TTL) or sometimes frag packets          #
>> #   12 = Parameter Problem is some error or weirdness detected in header            #
>> #   13 = Timestamp [RFC792]                                                         #
>> #   14 = Timestamp Reply [RFC792]                                                   #
>> #   15 = Information Request [RFC792]                                               #
>> #   16 = Information Reply [RFC792]                                                 #
>> #   17 = Address Mask Request [RFC950]                                              #
>> #   18 = Address Mask Reply [RFC950]                                                #
>> #   30 = Traceroute [RFC1393]                                                       #
>> #                                                                                   #
>> #-----------------------------------------------------------------------------------#
>>
>> # ICMP
>> $IPT -t nat -I PREROUTING -i $IF0 -p icmp -d $NET1 -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p icmp --icmp-type 0 -m limit --limit 3/s -d $NET1 -j ACCEPT
>> $IPT -t nat -I PREROUTING -i $IF0 -p icmp --icmp-type 3 -m limit --limit 3/s -d $NET1 -j ACCEPT
>>
>> # CHECK_FLAGS
>> $IPT -t nat -I PREROUTING -i $IF0 -f -d $NET2 -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -f -d $NET2 -j ULOG --ulog-prefix "FRAGMENTS:"
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 -m state --state INVALID -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 -m state --state INVALID -j ULOG --ulog-prefix "INVALID_FLAGS:"
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL FIN,URG,PSH -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL FIN,URG,PSH -m limit --limit 3/s -j ULOG --ulog-prefix "NMAP-XMAS_SCAN:"
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags SYN,RST SYN,RST -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags SYN,RST SYN,RST -m limit --limit 3/s -j ULOG --ulog-prefix "SYN/RST_SCAN: "
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags SYN,FIN SYN,FIN -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags SYN,FIN SYN,FIN -m limit --limit 3/s -j ULOG --ulog-prefix "SYN/FIN_SCAN: "
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL FIN -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL FIN -m limit --limit 3/s -j ULOG --ulog-prefix "FIN_SCAN:"
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL ALL -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL ALL -m limit --limit 3/s -j ULOG --ulog-prefix "ALL/ALL__SCAN : "
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL NONE -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 --tcp-flags ALL NONE -m limit --limit 3/s -j ULOG --ulog-prefix "NULL_SCAN: "
>>
>>
>> # _____________ANTISPOOF
>>
>> cat /home/gabrix/bogon-bn-nonagg.txt |\
>> egrep -ve "(^127\.|^192\.168\.|^41\.|^73\.|^76\.|^89\.|^90\.|^121\.|^122\.|^123\.|^124\.|^125\.|^126\.|^189\.|^190\.)" | while read s; do
>> $IPT -t nat -I PREROUTING -i $IF0 -s $s -j DROP
>> $IPT -t nat -I PREROUTING -i $IF0 -s $s -j ULOG --ulog-prefix 'BOGON_SPOOF:'
>> done
>>
>> # Make laptop get into LAN
>> #echo "-----------------------------------------------------------------------------------------------------"
>> #$IPT -t nat -A PREROUTING -i eth0 -p ALL -s 192.168.0.3/32 -d 192.168.1.0/24 -j DNAT --to-dest 192.168.1.1
>>  
>>
>> # PREROUTING DNAT ################################# -------------------- >
>> # HTTP & HTTPS for .... www.gabrix.ath.cx
>> /sbin/iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 80 -d 192.168.0.2/32 -j DNAT --to 192.168.1.4:80
>> /sbin/iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 443 -d 192.168.0.2/32 -j DNAT --to 192.168.1.4:443
>> # HTTP ... for .... mail.gabrix.ath.cx
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 --dport 80 -m state --state NEW -d 192.168.0.2/32 -j DNAT --to 192.168.1.6:80
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 --dport 443 -m state --state NEW -d 192.168.0.2/32 -j DNAT --to 192.168.1.6:443
>>
>>
>>
>> # SMTP
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 25 -j DNAT --to 192.168.1.6:25
>>
>>
>> # INN
>> #$IPT -t nat -A PREROUTING -i eth0 -p tcp -d 192.168.0.2/32 --dport 119 -j DNAT --to 192.168.1.4:119
>>
>>
>> # IRCD
>> IRC=6664:6669
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport $IRC -j DNAT --to 192.168.1.4:6664-6669
>> $IPT -t nat -A PREROUTING -p udp -i $IF0 -d 192.168.0.2/32 --dport 32768 -j DNAT --to 192.168.1.4:32768
>>
>>
>> # FTP
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 20 -j DNAT --to 192.168.1.4:20
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 21 -j DNAT --to 192.168.1.4:21
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 60000:65535 -m state --state ESTABLISHED,RELATED -j DNAT --to 192.168.1.4:60000-65534
>>
>>
>> # POP-SSL
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 995 -j DNAT --to 192.168.1.6:995
>> $IPT -t nat -A PREROUTING -p udp -i $IF0 -d 192.168.0.2/32 --dport 995 -j DNAT --to 192.168.1.6:995
>>
>>
>> # TIM --- DNS
>> $IPT -t nat -A PREROUTING -p ALL -i $IF0 -s $DNS1 -d $ARG0 -j DNAT --to 192.168.1.6
>> $IPT -t nat -A PREROUTING -p ALL -i $IF0 -s $DNS2 -d $ARG0 -j DNAT --to 192.168.1.6
>>
>> #  PROXY
>> #$IPT -t nat -I PREROUTING -i $IF1 -p tcp -s $NET3 --dport 80 -j DNAT --to 192.168.1.1:8888
>>
>> # EMULE
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 18744 -j DNAT --to 192.168.1.2:18744
>> $IPT -t nat -A PREROUTING -p udp -i $IF0 -d 192.168.0.2/32 --dport 57692 -j DNAT --to 192.168.1.2:57692
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 4711 -j DNAT --to 192.168.1.2:4711
>> $IPT -t nat -A PREROUTING -p udp -i $IF0 -d 192.168.0.2/32 --dport 4672 -j DNAT --to 192.168.1.2:4672
>> $IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 4661:4662 -j DNAT --to 192.168.1.2:4661-4662
>>
>> ##########################################################################################
>> #                    INPUT    ARGO      SERVICES                                        #
>> ##########################################################################################
>> # I want broadcasts to reach only machines in lan and avoid packets to go out in the internet and other machines
>>
>> # BROADCASTS
>> # ETH0
>> $IPT -A INPUT -i $IF0 -d 255.255.255.255/32 -j ULOG --ulog-prefix "NET_BROADCASTS:"
>> $IPT -A INPUT -i $IF0 -d 255.255.255.255/32 -j DROP
>>
>> # ETH1
>> $IPT -A INPUT -i $IF1 -j ACCEPT -s 192.168.1.0/29 -d 192.168.1.255/29
>> $IPT -A INPUT -i $IF1 -j ULOG --ulog-prefix "LAN_BROADCASTS:" -s 192.168.1.0/29 -d 192.168.1.255/32
>> $IPT -A INPUT -i $IF1 -j DROP -s 192.168.1.0/29 -d 192.168.1.255/32
>>
>> $IPT -A INPUT -i $IF1 -j ACCEPT -s 192.168.1.0/29 -d 255.255.255.255/29
>> $IPT -A INPUT -i $IF1 -j ULOG --ulog-prefix "LAN_NBIOS_BROADCASTS:" -s 192.168.1.0/29 -d 255.255.255.255/32
>> $IPT -A INPUT -i $IF1 -j DROP -s 192.168.1.0/29 -d 255.255.255.255/32
>>
>> # MULTICASTS
>> $IPT -A INPUT -i $IF0 -j DROP -m state --state NEW -d 224.0.0.0/4 -p ! 6
>>
>> # INPUT ARGO_SERVICES -----------------------------------------
>> # TOR
>> $IPT -t nat -A PREROUTING -i $IF0 -p tcp --dport 22 -j REDIRECT --to-port 9090
>> $IPT -t nat -A PREROUTING -i $IF0 -p tcp --dport 110 -j REDIRECT --to-port 9091
>> $IPT -A INPUT -i eth0 -p tcp -d 192.168.0.2/32 --dport 9090 -j ACCEPT
>> $IPT -A INPUT -i eth0 -p tcp -d 192.168.0.2/32 --dport 9091 -j ACCEPT
>>
>>
>> # Accept SSH and prevent brute force
>> $IPT -A INPUT -i eth0 -p tcp --dport 666 -d 192.168.0.2/32 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j ULOG --ulog-prefix "SSH_BRUTEFORCE:"
>> $IPT -A INPUT -i eth0 -p tcp --dport 666 -d 192.168.0.2/32 -m state --state NEW -m recent --set --name SSH -j ACCEPT
>>
>>
>> # TIM_DNS
>> $IPT -A INPUT -i eth0 -s $DNS1 -d $ARG0 -j ACCEPT
>> $IPT -A INPUT -i eth0 -s $DNS2 -d $ARG0 -j ACCEPT
>>
>> # DROP Anything else
>> $IPT -A INPUT -i $IF0 -p tcp --dport 1:65535 -d $ARG0 -j ULOG --ulog-prefix "TCP:"
>> $IPT -A INPUT -i $IF0 -p tcp --dport 1:65535 -d $ARG0 -j DROP
>> $IPT -A INPUT -i $IF0 -p udp --dport 1:65535 -d $ARG0 -j ULOG --ulog-prefix "UDP:"
>> $IPT -A INPUT -i $IF0 -p udp --dport 1:65535 -d $ARG0 -j DROP
>> $IPT -A INPUT -i $IF0 -p ALL -d $ARG0 -j ULOG --ulog-prefix "#######| STOP_ALL_ |######:"
>> $IPT -A INPUT -i $IF0 -p ALL -d $ARG0 -j DROP
>>
>>
>> # FORWARD
>> #
>>
>> # 192.168.0.0 NETWORK
>> $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -s 192.168.0.3 -d 192.168.1.0/29 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -s $ARG0 -d $NET3 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -s $ROUT -d $NET3 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -s $NET1 -d $NET4 -j ULOG --ulog-prefix "Forward_SPOOF:"
>> $IPT -A FORWARD -i eth0 -o eth1 -s $NET1 -d $NET4 -j DROP
>>
>> # LAN
>> $IPT -A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -j ACCEPT
>>
>>
>> # # Services FORWARD-------->
>>
>> # TIM DNS
>> $IPT -A FORWARD -s $DNS1 -d 192.168.1.0/24 -j ACCEPT
>> $IPT -A FORWARD -s $DNS2 -d 192.168.1.0/24 -j ACCEPT
>>  
>>
>> # FTP
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.1.4 --dport 20 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.1.4 --dport 21 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.1.4 --dport 60000:65534 -j ACCEPT
>>
>>
>> # INN
>> #$IPT -A FORWARD -i eth0 -o eth1 -p tcp --dport 119 -d 192.168.1.4 -j ACCEPT
>>  
>>
>> # SMTP
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp --dport 25 -d 192.168.1.6 -j ACCEPT
>>
>>
>> # IRCD
>> IRC=6665:6669
>> $IPT -A FORWARD -i eth0 -p tcp --dport $IRC -d 192.168.1.4/32 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -p udp --dport 32768 -d 192.168.1.4/32 -j ACCEPT
>>
>>
>> # HTTP
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -d 192.168.1.4 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp --dport 443 -d 192.168.1.4 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -d 192.168.1.6 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -o eth1 -p tcp --dport 443 -d 192.168.1.6 -j ACCEPT
>>
>>
>> # POP SSL
>> $IPT -A FORWARD -i eth0 -p tcp --dport 995 -d 192.168.1.6 -j ACCEPT
>> $IPT -A FORWARD -i eth0 -p udp --dport 995 -d 192.168.1.6 -j ACCEPT
>>
>> # EMULE
>> $IPT -A FORWARD -p tcp -i $IF0 --dport 18744 -d 192.168.1.2 -j ACCEPT
>> $IPT -A FORWARD -p udp -i $IF0 --dport 57692 -d 192.168.1.2 -j ACCEPT
>> $IPT -A FORWARD -p tcp -i $IF0 --dport 4711 -d 192.168.1.2 -j ACCEPT
>> $IPT -A FORWARD -p udp -i $IF0 --dport 4672 -d 192.168.1.2 -j ACCEPT
>> $IPT -A FORWARD -p tcp -i $IF0 --dport 4661:4662 -d 192.168.1.2 -j ACCEPT
>>
>> # OUTPUT
>> $IPT -A OUTPUT -o eth0 -s 192.168.0.2/32 -j ACCEPT
>> $IPT -A OUTPUT -j ACCEPT -o eth1 -d 192.168.1.0/24
>> $IPT -A OUTPUT -s 192.168.0.0/16 -j ACCEPT
>> $IPT -A OUTPUT -s 192.168.1.0/24 -j ACCEPT
>>
>> $IPT -A OUTPUT -p icmp --icmp-type time-exceeded -j DROP
>> $IPT -A OUTPUT -p icmp --icmp-type 0 -j DROP
>>
>> # MASQUERADE
>> $IPT -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
>>
>> echo "1" > /proc/sys/net/ipv4/ip_forward
>>
>>     
> If you have question just ask .... thanks !!!
>
>
>   
I do not really believe that this is the best form of a script but if 
you understand your script (and hopefully you do :D ) then this is 
good... :)

I prefer scripts much like the output of "iptables -vnL"


Swifty
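
Two points from this exchange, worked through as an added example that is neither gabrix's script nor Swifty's (the addresses and interface names reuse gabrix's variables; the sample rules fed to the audit are constructed here; nothing in the block calls iptables). First, the sequence Swifty questions, policies set to ACCEPT, chains flushed, policies set to DROP, leaves every chain empty with an ACCEPT policy between the flush and the later `-P ... DROP` on each reload. A ruleset in iptables-restore format, the declarative shape Swifty is pointing at with `iptables -vnL`, applies the policies and rules of a table together at COMMIT, so the firewall is never in that state. Second, a point the thread does not raise: most of the quoted DROP, ULOG and `--state INVALID` rules sit in the nat table, which is consulted only for the first packet of a connection; later packets bypass those rules entirely, and a packet without a conntrack entry (the INVALID case) skips the nat table altogether, so those matches never fire. The audit function flags that pattern in script text.

```shell
#!/bin/sh
# Added example for this thread, not gabrix's script and not Swifty's.
# gen_ruleset emits a ruleset in iptables-restore(8) format; audit_nat_filtering
# flags filter-style rules that a script places in the nat table.
# Addresses and interface names reuse the variables of the quoted script; the
# sample rules below are constructed; nothing here calls iptables.

IF0=eth0                # internet-facing interface, as in the quoted script
IF1=eth1                # LAN interface
NET2=192.168.0.0/30     # hosts on eth0 allowed to reach the firewall itself
NET3=192.168.1.0/29     # LAN behind eth1
ARG0=192.168.0.2/32     # the firewall's own eth0 address
WWW=192.168.1.4         # web server that receives the DNATed HTTP/HTTPS

# The ':CHAIN POLICY' lines and the rules of each table take effect together at
# COMMIT, so there is no interval with an ACCEPT policy and empty chains, which is
# what "set ACCEPT, flush, set DROP" produces on every reload.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $IF0 -s $NET2 -d $ARG0 -j ACCEPT
-A INPUT -i $IF1 -s $NET3 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $IF1 -o $IF0 -s $NET3 -j ACCEPT
-A FORWARD -i $IF0 -o $IF1 -p tcp -d $WWW -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $IF0 -p tcp -d $ARG0 -m multiport --dports 80,443 -j DNAT --to-destination $WWW
-A POSTROUTING -o $IF0 -s $NET3 -j MASQUERADE
COMMIT
EOF
}

# Print the lines of a script (passed as one string) that put DROP, ULOG or a
# --state INVALID match into the nat table. That table is consulted only for the
# first packet of a connection, so later packets never meet these rules, and a
# packet with no conntrack entry (the INVALID case) skips the table altogether.
audit_nat_filtering() {
    printf '%s\n' "$1" | grep -E -- '-t nat .*(-j (DROP|ULOG)|--state INVALID)' || true
}

# Number of flagged lines, for checks.
count_nat_filtering() {
    audit_nat_filtering "$1" | grep -c . || true
}

# Constructed sample in the shape of the quoted script: two rules that filter in
# the nat table, one legitimate DNAT, one filter-table DROP that must not be flagged.
SAMPLE_SCRIPT='$IPT -t nat -I PREROUTING -i $IF0 -p icmp -d $NET1 -j DROP
$IPT -t nat -I PREROUTING -i $IF0 -p tcp -d $NET2 -m state --state INVALID -j ULOG --ulog-prefix "INVALID_FLAGS:"
$IPT -t nat -A PREROUTING -p tcp -i $IF0 -d 192.168.0.2/32 --dport 25 -j DNAT --to 192.168.1.6:25
$IPT -A INPUT -i $IF0 -s $NET1 -j DROP'

# Run with --demo to print the ruleset and the audit result for the sample.
if [ "${1:-}" = "--demo" ]; then
    gen_ruleset
    echo "# rules that filter in the nat table:"
    audit_nat_filtering "$SAMPLE_SCRIPT"
fi
```

`gen_ruleset | iptables-restore` loads the whole thing in one step; `gen_ruleset | iptables-restore --test` only parses it, which catches a malformed address or option before anything is committed. Rules that are meant to filter (the scan-flag, fragment and ICMP drops of the quoted script) belong in the filter table's INPUT or FORWARD chain, where every packet of the connection passes them.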



Thread overview: 2+ messages
2006-10-26 20:29 my script ! gabrix
2006-10-27  7:42 ` Gáspár Lajos [this message]
