* macro & iptables
@ 2005-08-31 3:55 Agung
2005-08-31 11:29 ` /dev/rob0
2005-09-08 21:08 ` Kenneth Kalmer
0 siblings, 2 replies; 7+ messages in thread
From: Agung @ 2005-08-31 3:55 UTC (permalink / raw)
To: netfilter
Hi there,
Is it possible to use macros *like pf does* with iptables?
While googling I found nothing about this. Any
suggestions? :-)
Regards,
Agung
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: macro & iptables
2005-08-31 3:55 macro & iptables Agung
@ 2005-08-31 11:29 ` /dev/rob0
2005-08-31 14:13 ` Agung
2005-09-08 21:08 ` Kenneth Kalmer
1 sibling, 1 reply; 7+ messages in thread
From: /dev/rob0 @ 2005-08-31 11:29 UTC (permalink / raw)
To: netfilter
On Tuesday 2005-August-30 22:55, Agung wrote:
> Is it possible to use macros *like pf does* with iptables
Since I don't know pf, you should explain more about what you want. No,
I don't think iptables has any built-in macro capabilities, but you can
use shell (or other) scripts to generate your rules. A script could
either run all the iptables(8) commands in order, or it could generate
iptables-save(8) format rules to be piped to iptables-restore(8) stdin.
> ?? While googling I found nothing about this. Any
> suggestions? :-)
Don't assume everyone else knows what your examples mean. Give detail.
Stick with pf if you know it and are comfortable.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: macro & iptables
2005-08-31 11:29 ` /dev/rob0
@ 2005-08-31 14:13 ` Agung
2005-08-31 14:23 ` /dev/rob0
[not found] ` <65aa6af905083107354ca663e0@mail.gmail.com>
0 siblings, 2 replies; 7+ messages in thread
From: Agung @ 2005-08-31 14:13 UTC (permalink / raw)
To: netfilter
Let's say... I have lists of IPs in /etc/iplist.txt.
Is it possible to call that list, like perhaps in pf:
table <ip> persist file "/etc/iplist.txt" ?
Or should I use some bash scripting?
Thank you for your assistance :-)
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: macro & iptables
2005-08-31 14:13 ` Agung
@ 2005-08-31 14:23 ` /dev/rob0
[not found] ` <65aa6af905083107354ca663e0@mail.gmail.com>
1 sibling, 0 replies; 7+ messages in thread
From: /dev/rob0 @ 2005-08-31 14:23 UTC (permalink / raw)
To: netfilter
On Wednesday 2005-August-31 09:13, Agung wrote:
> Let's say... I have lists of IPs in /etc/iplist.txt.
> Is it possible to call that list, like perhaps in pf:
> table <ip> persist file "/etc/iplist.txt" ?
Not to my knowledge. I don't think that design is as robust. iptables
works entirely in the kernel memory. You can actually crash the OS, but
the netfilter code will continue passing packets.
> Or should I use some bash scripting?
Yes:
    # OPTIONS and TARGET must be set; they are left unquoted so that
    # each word in them becomes a separate iptables argument.
    while read -r IP ; do
        iptables $OPTIONS "$IP" $TARGET
    done < /etc/iplist.txt
> Thank you for your assistance :-)
np
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
^ permalink raw reply [flat|nested] 7+ messages in thread
[parent not found: <65aa6af905083107354ca663e0@mail.gmail.com>]
* Fwd: macro & iptables
[not found] ` <65aa6af905083107354ca663e0@mail.gmail.com>
@ 2005-08-31 14:35 ` Edmundo Carmona
2005-09-01 3:13 ` Agung
0 siblings, 1 reply; 7+ messages in thread
From: Edmundo Carmona @ 2005-08-31 14:35 UTC (permalink / raw)
To: netfilter
You have a list of IPs? Say, for example, you want to accept those IPs
for input (one IP per line). I guess this will work:
    # Append one ACCEPT rule to INPUT per source address in the list.
    cat /etc/iplist.txt | while read -r anIP; do
        iptables -A INPUT -s "$anIP" -j ACCEPT
    done
On 8/31/05, Agung <duppeh@yahoo.com> wrote:
> Let's say... I have lists of IPs in /etc/iplist.txt.
> Is it possible to call that list, like perhaps in pf:
> table <ip> persist file "/etc/iplist.txt" ?
> Or should I use some bash scripting?
> Thank you for your assistance :-)
^ permalink raw reply [flat|nested] 7+ messages in thread
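Added example, not part of any message in this thread: the iptables-restore(8) route mentioned in the first reply, with every list entry validated before it reaches the ruleset. The ALLOWLIST chain name and the sample addresses are assumptions; with --noflush, iptables-restore flushes a user-defined chain declared in its input, so a reload replaces that chain's contents in one commit.

```shell
# Added example: turn an IP list into iptables-restore input.
# The chain name ALLOWLIST and the sample list below are assumptions.
CHAIN=ALLOWLIST

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|???*|0?*|*[!0-9]*) return 1 ;; esac
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject empty, over-long or zero-padded octets, then range-check.
        case $octet in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print iptables-restore input that rebuilds $CHAIN from the list in file $1.
# '#' comments and blank lines are skipped; invalid entries are reported on
# stderr and never reach the ruleset.
gen_restore() {
    printf '%s\n' '*filter' ":$CHAIN - [0:0]"
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s\n' "$line" |
            sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$entry" ] || continue
        if valid_ipv4 "$entry"; then
            printf '%s\n' "-A $CHAIN -s $entry -j ACCEPT"
        else
            printf '%s\n' "skipped invalid entry: $entry" >&2
        fi
    done < "$1"
    printf '%s\n' 'COMMIT'
}

# Constructed sample list (documentation addresses) in a temporary file.
sample=$(mktemp)
printf '%s\n' '# office' '192.0.2.10' '198.51.100.0/24  # branch' '' \
    '203.0.113.300' '198.51.100.7 trailing junk' > "$sample"
gen_restore "$sample"
rm -f "$sample"
# Real use: gen_restore /etc/iplist.txt | iptables-restore --noflush
# (assumes INPUT already jumps to $CHAIN)
```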
* Re: macro & iptables
2005-08-31 3:55 macro & iptables Agung
2005-08-31 11:29 ` /dev/rob0
@ 2005-09-08 21:08 ` Kenneth Kalmer
1 sibling, 0 replies; 7+ messages in thread
From: Kenneth Kalmer @ 2005-09-08 21:08 UTC (permalink / raw)
To: Agung; +Cc: netfilter
Agung, Edmundo & Rob
I know the question has been answered but I've got the urge to add my
2c as well.
As a quick background, I've used iptables for several months now and
am quite comfortable in my abilities. This list has helped me a lot,
even just by reading the majority of the posts every day.
I'm learning pf now, been using it for a couple of days only. The
differences between iptables and pf are quite significant. In the past
couple of days I've really learned to love pf, over iptables, exactly
for reasons like its macros and ease of configuration.
For an experiment I tried replacing a very reliable iptables firewall
on a DSL connection with a pf one, and man did I have troubles.
So where pf is easier to configure, with gimmicks like macros and
lists, iptables has unbelievable flexibility even though it is only
executed command by command.
I must admit that I have my own shell scripts that make configuring an
iptables firewall 10 times easier and quicker than a pf one, but yet I
know iptables way better than pf.
Stick to what you know and are comfortable with. Never risk security
for nice features. Both applications are world class, and netfilter
has excellent support!
HTH to clear the air a bit...
Enjoy the weekend
On 8/31/05, Agung <duppeh@yahoo.com> wrote:
> Hi there,
>
> Is it possible to use macros *like pf does* with iptables?
> While googling I found nothing about this. Any
> suggestions? :-)
>
>
> Regards,
> Agung
--
Kenneth Kalmer
kenneth.kalmer@gmail.com
Folding@home stats
http://vspx27.stanford.edu/cgi-bin/main.py?qtype=userpage&username=kenneth%2Ekalmer
^ permalink raw reply [flat|nested] 7+ messages in thread