On Sat 22 Nov 2008 18:11:28 NZDT +1300, Steve Holdoway wrote:
> Does anyone have any simple rules out there to enable the following:
>
> eth0 local
> eth1 dmz
> eth2 internet
>
> all local can see dmz and internet
> all dmz can see only internet
My personal incantations are pfsense (though that's pf, not iptables) and SuSEfirewall2. Both generate the nitty-gritty from the policy I specify. I've never quite understood why anyone would go out to program in a low level when the same job can be achieved more easily and more reliably with a higher language. There are several other firewall rule generators available.

If you really have to have the iptables dirt, examine the output of a rule generator.

Volker

--
Volker Kuhlmann is list0570 with the domain in header
http://volker.dnsalias.net/
Please do not CC list postings to me.
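For reference, here is a hand-written iptables FORWARD policy matching the three-interface setup from the question (added example, not from either poster or from any rule generator). The interface assignment (eth0 local, eth1 dmz, eth2 internet) is taken from the question; the helper names, the logging line and the stateful-return rule are assumptions, and the script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: a minimal rule generator for the policy
#   local -> dmz, local -> internet, dmz -> internet; everything else dropped.
# Interface names follow the question; the script prints rules, it does not load them.
LAN=eth0    # local
DMZ=eth1    # dmz
WAN=eth2    # internet

# emit_rules prints the iptables commands for the FORWARD chain.
# Default policy is DROP, so only the explicit initiations below are allowed;
# reply traffic for those connections is matched by the conntrack rule.
emit_rules() {
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
# return traffic for connections that were permitted below
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# local may initiate to dmz and to internet
iptables -A FORWARD -i $LAN -o $DMZ -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -m conntrack --ctstate NEW -j ACCEPT
# dmz may initiate only to internet (never back into local)
iptables -A FORWARD -i $DMZ -o $WAN -m conntrack --ctstate NEW -j ACCEPT
# anything else (dmz->local, internet->anything) hits the DROP policy;
# rate-limited logging so the drops are visible in syslog
iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
EOF
}

# allows_forward IN OUT answers yes/no for a new connection from IN to OUT
# according to the same policy, so the intent can be checked without a kernel.
allows_forward() {
    case "$1:$2" in
        "$LAN:$DMZ"|"$LAN:$WAN"|"$DMZ:$WAN") echo yes ;;
        *) echo no ;;
    esac
}

emit_rules
```

NAT for the internet interface and INPUT/OUTPUT rules for the firewall host itself are deliberately left out; this covers only the forwarding policy the question describes.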