Linux Netfilter discussions
From: /dev/rob0 <rob0@gmx.co.uk>
To: netfilter@vger.kernel.org
Subject: Re: Who can give me any existing iptables rules for reference?
Date: Sun, 7 Feb 2010 10:15:39 -0600
Message-ID: <20100207161539.GA21229@minipax>
In-Reply-To: <28efc0211002060450n782f9273i9489e289dbc62407@mail.gmail.com>

On Sat, Feb 06, 2010 at 08:50:20PM +0800, supercodeing35271
   supercodeing35271 wrote:
> Hi, I'm a rookie. As I'm learning netfilter/iptables for the first
> time, I want to look at some good existing iptables rules scripts, as
> I think reading good rules scripts will be useful.

A problem in that is that a script is not typically the best way to
load a set of rules. Race conditions can occur when more than one
trigger invokes the firewall script, when the first instance wasn't
completed yet. iptables-restore(8) (of a ruleset which had been
saved with iptables-save(8)) is the solution to this problem; it
loads the entire ruleset into memory atomically.

I think a lot of folks who want to learn firewall skills get caught
up in trying to do fancy bash(1) things. And way too many of the
ready-made firewall scripts I have seen are clueless and over-
complicated with silly shell tricks.

> So can anyone here share some rules or tell me where to see any
> good rules scripts? I must underline that I just need some
> references; I do not have any other reason for this.

I would start with a tutorial such as the ones at netfilter.org and
Oskar's frozentux tutorial. Those are slightly out of date, but
should still give you a good start. The man page is maintained, and
should be a good reference for syntax and application of the various
match and target extensions.

Unfortunately I am not aware of a good, up-to-date basic tutorial
that I could recommend. I have not had the time to try to start one,
myself.
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
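Added example, not part of /dev/rob0's message: a minimal ruleset written in the iptables-save(8) format so that iptables-restore(8) can load it in one atomic step, plus a structural check that runs without root or iptables. The rule contents and the output path are assumptions for illustration, not anything the post prescribes.

```shell
#!/bin/sh
# Added example: a ruleset in iptables-save(8) format, loaded atomically with
# iptables-restore(8) rather than by running iptables commands one at a time.
# The rules (default-drop INPUT, allow loopback, established traffic and SSH)
# are an illustrative assumption, not a recommended production policy.

# Print a complete filter-table ruleset in iptables-save format.
# A table starts with "*name", lists built-in chains as ":CHAIN POLICY [pkts:bytes]",
# then the rules, and ends with COMMIT.
ruleset_text() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Structural sanity check on a ruleset file: every "*table" block must be
# closed by COMMIT before the next one opens. Returns 0 when balanced.
ruleset_balanced() {
    awk '
        /^\*/      { if (open) bad = 1; open = 1; next }
        /^COMMIT$/ { if (!open) bad = 1; open = 0; next }
        END        { exit (bad || open) ? 1 : 0 }
    ' "$1"
}

# Write the ruleset to a file and load it. iptables-restore replaces the whole
# table in one transaction, so a second loader racing with this one cannot
# leave a half-applied mix of two rulesets the way a line-by-line script can.
# Loading needs root and iptables; otherwise the file is only written and checked.
load_ruleset() {
    file=${1:-/tmp/rules.v4}   # path is an assumption for the example
    ruleset_text > "$file"
    ruleset_balanced "$file" || { echo "malformed ruleset: $file" >&2; return 1; }
    if [ "$(id -u)" -eq 0 ] && command -v iptables-restore >/dev/null 2>&1; then
        iptables-restore < "$file"
    fi
}
```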
