Jason Forum Fanatic
Joined: 19 Sep 2002 Posts: 16777215
Posted: Wed Dec 18, 2002 7:44 pm Post subject: IPtables configuration script
Hi all,
I am looking for a command line script that configures IPTABLES on a RH8 box (bash shell).
The script should have support for DDOS protection, and Packet Forwarding as the box will act as a gw. Should allow me to configure some settings, such as which ports to allow inbound.
Perl is available on the box.
Any Suggestions / recommendations Please...
Cheers, J

b4rtm4n Trusted SF Member
Joined: 26 May 2002 Posts: 16777206 Location: Bi Mon Sci Fi Con
Posted: Sat Dec 21, 2002 9:42 pm
A reading recommendation .....
Linux Firewalls 2nd Edition from New Riders press.
Covers most of what u need!

Jason Forum Fanatic
Joined: 19 Sep 2002 Posts: 16777215
Posted: Sat Dec 21, 2002 9:48 pm
Cool.
Doing it all with IPTABLES is not really a problem, other than the fact it takes a long time...
There are many scripts such as NARC, that you just change a few settings to suit your needs, then it creates all of the iptables rules for you.
After that simply dump "iptables-save > /etc/sysconfig/iptables" to save them.
"5 minutes and you're done"
Looking for something like that...
Cheers, J

b4rtm4n Trusted SF Member
Joined: 26 May 2002 Posts: 16777206 Location: Bi Mon Sci Fi Con
Posted: Sun Dec 22, 2002 1:38 am
been there n tried that using ipchains!
The N R web site had the core scripts available for d/l'ing.
Don't want to do the lazy "config script" option here. Best to build your own on the "whatever isn't allowed is blocked" basis.
Gotta get hard on ip access!

delete852 Just Arrived
Joined: 19 Nov 2002 Posts: 4 Location: Washington DC
Posted: Sun Dec 22, 2002 3:52 pm
I just want to ask something really quick, in iptables you specify the packets that you want to come through, or you specify the ones you want to deny?

Jason Forum Fanatic
Joined: 19 Sep 2002 Posts: 16777215
Posted: Sun Dec 22, 2002 4:02 pm
delete852 wrote:
I just want to ask something really quick, in iptables you specify the packets that you want to come through, or you specify the ones you want to deny?
Not sure if I fully understand the question...
IPTables is a tool that you can use to create a series of "rules". These rules can allow or deny packets that flow in and out of your machine.
J

delete852 Just Arrived
Joined: 19 Nov 2002 Posts: 4 Location: Washington DC
Posted: Sun Dec 22, 2002 6:13 pm
What I meant is the things you specify, do you specify which packets the computer should deny, and then it allows everything else. Or do you specify which ones it should allow, in which case, it would deny everything that is not specified. From your post I take it that you can do it both ways right?

Jason Forum Fanatic
Joined: 19 Sep 2002 Posts: 16777215
Posted: Sun Dec 22, 2002 7:07 pm
Correct, that is the default policy.
You can set it to allow everything except for what you explicitly deny
-OR-
You can set it to deny everything except for what you explicitly allow
J
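
Added example, not part of the original thread: the second option above (deny everything except what is explicitly allowed) written as a small shell generator that prints an `iptables-restore` ruleset for a gateway with a configurable list of inbound ports. The interface names `eth0`/`eth1`, the port list and the function names `valid_port` and `gen_ruleset` are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): emit a default-deny ruleset in
# iptables-restore format. Interface names and ports are assumptions.
WAN_IF="${WAN_IF:-eth0}"        # assumed external interface
LAN_IF="${LAN_IF:-eth1}"        # assumed internal interface
TCP_IN="${TCP_IN:-22 80 443}"   # inbound TCP ports to allow on the gateway

# valid_port PORT: succeed only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_ruleset: print the ruleset; fail before printing anything if a port is bad
gen_ruleset() {
    for p in $TCP_IN; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    # Default policy: whatever is not explicitly allowed below is dropped.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for p in $TCP_IN; do
        echo "-A INPUT -i $WAN_IF -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Gateway role: LAN may open connections outward, only replies come back.
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo 'COMMIT'
}

# Print only; loading it needs root: gen_ruleset | iptables-restore
gen_ruleset
```

Because the ports are validated before the first line is printed, a typo in `TCP_IN` yields an error and no output rather than a partial ruleset.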