On Wed, Dec 27, 2000 at 01:15:58PM +0100, Giacomo Mulas wrote:
> any use to anybody else. However, I set it up roughly this way:
> 1) I have a script that is softlinked to the rcS.d directory and thus gets
> started before any network interface is up. It sets up "one way" filtering
> essentially letting anything out from my computer and internal LAN and
> nothing in from any (unspecified) external interface, except packets
> coming back on connections originated from my internal LAN.
> 2) Most of the scripts in the ipmasq directories in /etc/ipmasq do nothing
> except setting up firewalling rules for antispoofing protection for
> dynamic interfaces (and cleaning them up after the dynamic interface goes
> down). I need to do this explicitly because I also use free S-WAN for
> ipsec and the latter does not work with rp_filter enabled.
> Let me know if I can further help with this.

I haven't started reading on iptables yet, so I don't know how hard it is, but what you've done sounds like what I need. And I could use some help here, so I would be pleased if you could post or mail your scripts. Especially the rcS.d part sounds like I could steal some ideas from to further secure my current ip-chains based firewall until the day that I switch to a 2.4 kernel.

-- 
groetjes, carel
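
The two-part layout described in the quoted message, written out as an iptables script. This is an added example, not the scripts discussed in the thread; the internal interface eth0, the LAN range 192.168.1.0/24, the function names and the start/up/down arguments are assumptions. By default it only prints the commands.

```shell
#!/bin/sh
# Added example, not the scripts from the thread. Prints the commands by
# default; run as root with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-eth0}"               # assumed internal interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed internal network

# Part 1, run from rcS.d before any interface is up. No external interface
# is named, so the rules cover whichever one appears later.
oneway_filter() {
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    # Only replies to connections opened from this host or the LAN come in.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Part 2, run when a dynamic interface goes up (-I) or down (-D). Stands in
# for rp_filter: nothing arriving from outside may claim an inside source.
# -I puts the drops ahead of the ESTABLISHED accepts from part 1.
antispoof() {
    op="$1"; ext_if="$2"
    for src in "$LAN_NET" 127.0.0.0/8; do
        $IPT "$op" INPUT -i "$ext_if" -s "$src" -j DROP
        $IPT "$op" FORWARD -i "$ext_if" -s "$src" -j DROP
    done
}

case "${1:-}" in
    start) oneway_filter ;;
    up)    antispoof -I "$2" ;;
    down)  antispoof -D "$2" ;;
esac
```

The down call repeats the exact rule specifications used on the way up, which is what lets `-D` find and remove them.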

