On Wed, Jan 28, 2009 at 12:20:27PM +0100, cyril franke wrote:
> Hello list,
>
> I just started learning firewall setup with iptables
> and found the following tutorial useful:
> http://www.iptablesrocks.org/

Hi,

Looks like a good idea.

>
> What do you think about the ruleset proposed for a
> typical web server firewall?
> http://www.iptablesrocks.org/guide/ruleset.php

Ouch, that's pretty complicated (especially the stuff with TCP flags at the
beginning: iptables is a stateful firewall, the INVALID and ESTABLISHED targets
have been created to avoid such crap).

>
> What do you think about the suggested Iptables Log
> Analyzer: http://www.gege.org/iptables/
>

Not developed since 2002, works for Linux 2.4 (no IPv6), uses text-based
logging ... I would say this is a pretty bad idea.

I'd suggest using ulogd [1] with a graphical interface, like NuLog [2].

Cheers,
Pierre

[1] http://www.netfilter.org/projects/ulogd/index.html
[2] http://software.inl.fr/trac/wiki/EdenWall/NuLog

