Costas Magkos wrote:
Thank you all for the links and hints.
What I was really looking for was the debian way of doing things, which
I managed to locate in the "Securing Debian Manual" [1]. According to
this, the iptables initd script should be used. However, the
author/package-maintainer disapproves this method:
(from /etc/default/iptables:)
"..
#Q: You concocted this init.d setup, but you do not like it?
# A: I was pretty much hounded into providing it. I do not like it.
# Don't use it. Use /etc/network/interfaces, use /etc/network/*.d/
# scripts use /etc/ppp/ip-*.d/ script. Create your own custom
# init.d script -- no need to even name it iptables. Use ferm,
# ipmasq, ipmenu, guarddog, firestarter, or one of the many other
# firewall configuration tools available. Do not use the init.d
# script.
.."
The whole thing is a little confusing (to novice guys like me). There is
a manual referring to the use of the script, while the very author of
the script discourages the use of it. It seems like a matter of personal
taste, but I think he could at least have explained his reasons.
Anyway, I decided to follow the procedures in the manual.
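The quoted /etc/default/iptables text points at /etc/network/interfaces and the /etc/network/*.d/ hook directories as the preferred place to load rules. The script below is an added example of that approach, written for this thread; it is not code from the Debian iptables package, the Securing Debian Manual, or either poster. It assumes the hook is installed as an executable file in /etc/network/if-pre-up.d/, that the saved ruleset lives at /etc/iptables/rules.v4 (an assumed path, not a Debian default), and that ifupdown exports IFACE and MODE to hook scripts as it does. Loading a complete iptables-save file with iptables-restore before the interface comes up means there is never a configured interface with no filtering, and the whole table is swapped in one step rather than built up by a sequence of individual iptables calls:

```shell
#!/bin/sh
# Added example (not from the thread or from Debian's iptables package):
# an ifupdown hook for /etc/network/if-pre-up.d/ that loads a saved
# iptables-save ruleset before an interface is brought up.
# ifupdown exports IFACE and MODE ("start"/"stop") to hook scripts.
# RULES_FILE is an assumed location, not a Debian default.

RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"

# Emit a minimal default-deny ruleset in iptables-save format.
#   $1 = external interface name, $2 = space-separated TCP ports to accept
build_ruleset() {
    iface="$1"
    ports="$2"
    printf '*filter\n'
    printf ':INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf -- '-A INPUT -i lo -j ACCEPT\n'
    printf -- '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n'
    printf -- '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT\n'
    for p in $ports; do
        printf -- '-A INPUT -i %s -p tcp --dport %s -m state --state NEW -j ACCEPT\n' "$iface" "$p"
    done
    printf 'COMMIT\n'
}

# Cheap sanity check on a rules file: starts with the filter table and is
# terminated by COMMIT. Returns 0 when the file looks loadable, 1 otherwise.
check_ruleset() {
    [ -r "$1" ] || return 1
    [ "$(head -n 1 "$1")" = "*filter" ] || return 1
    [ "$(tail -n 1 "$1")" = "COMMIT" ] || return 1
    return 0
}

# Number of -A rules in a rules file (for logging what was loaded).
count_rules() {
    grep -c '^-A ' "$1"
}

# Load the ruleset atomically. iptables-restore replaces the whole table in
# one operation, so there is no half-configured moment. --test parses the
# file without committing it, which catches a bad edit before it is applied.
apply_rules() {
    command -v iptables-restore >/dev/null 2>&1 || { echo "iptables-restore missing" >&2; return 1; }
    check_ruleset "$RULES_FILE" || { echo "refusing to load malformed $RULES_FILE" >&2; return 1; }
    iptables-restore --test "$RULES_FILE" || return 1
    iptables-restore "$RULES_FILE"
    logger -t firewall "loaded $(count_rules "$RULES_FILE") rules from $RULES_FILE for $IFACE"
}

# Hook entry point: ifupdown runs every script in if-pre-up.d once per
# interface; only act when an interface other than lo is going up.
if [ "${MODE:-}" = "start" ] && [ -n "${IFACE:-}" ] && [ "$IFACE" != "lo" ]; then
    apply_rules
fi
```

To produce the rules file once, run something like `build_ruleset eth0 "22 80" > /etc/iptables/rules.v4` as root and review it before the next ifup; from then on the hook reloads it on every interface start. Because the hook refuses files that fail `check_ruleset` or `iptables-restore --test`, a typo in the saved rules leaves the previous table in place rather than a partially loaded one.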
seriously, use shorewall (or something similar). They're all just
interfaces to iptables, and after ipfw, ipchains, iptables, etc, my
head's ready to explode with syntax.
there are also nice, updated versions of shorewall for debian at
shorewall.net, at backports.org, and at apt-get.org...
the author of the script puts it there for compatibility with the debian
software guidelines, but he recommends other tools in any case.
(I'm sure the others are there, too)
-g