neysx 05/08/26 23:30:10 Modified: xml/htdocs/doc/en/articles linux-24-stateful-fw-design.xml Log: #103863 Install iptables w/ emerge instead of ./configure....
Revision Changes Path 1.3 +15 -22 xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml?rev=1.3&content-type=text/x-cvsweb-markup&cvsroot=gentoo plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml?rev=1.3&content-type=text/plain&cvsroot=gentoo diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml.diff?r1=1.2&r2=1.3&cvsroot=gentoo Index: linux-24-stateful-fw-design.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- linux-24-stateful-fw-design.xml 15 Aug 2005 23:16:06 -0000 1.2 +++ linux-24-stateful-fw-design.xml 26 Aug 2005 23:30:10 -0000 1.3 @@ -1,5 +1,5 @@ <?xml version='1.0' encoding="UTF-8"?> -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml,v 1.2 2005/08/15 23:16:06 cam Exp $ --> +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml,v 1.3 2005/08/26 23:30:10 neysx Exp $ --> <!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> <guide link="/doc/en/articles/linux-24-stateful-fw-design.xml"> @@ -22,8 +22,8 @@ version of the original article, and contains various improvements made by the Gentoo Linux Documentation team --> -<version>1.0</version> -<date>2005-07-28</date> +<version>1.1</version> +<date>2005-08-27</date> <chapter> <title>About this tutorial</title> 
@@ -106,18 +106,11 @@ Before we start designing a firewall, we need to do two things. First, we need to make sure that the <c>iptables</c> command is available. As root, type <c>iptables</c> and see if it exists. If it doesn't, then we'll need to get it -installed first. Here's how: head over to the netfilter/iptables project page -(<uri>http://www.netfilter.org/</uri>) and grab the most recent version of -<path>iptables.tar.gz</path> (currently <path>iptables-1.1.2.tar.gz</path>) you -can find. Then, install it by typing in the following commands (output omitted -for brevity): +installed first. Here's how we do that: </p> <pre caption="Installing necessary tools"> -# <i>tar xzvf iptables-1.1.2.tar.gz</i> -# <i>cd iptables-1.1.2</i> -# <i>make</i> -# <i>make install</i> +# <i>emerge iptables</i> </pre> </body> @@ -620,7 +613,7 @@ if [ -e /proc/sys/net/ipv4/tcp_ecn ] then echo 0 > /proc/sys/net/ipv4/tcp_ecn -fi +fi </pre> </body> @@ -710,7 +703,7 @@ <pre caption="Spoof protection"> for x in lo eth0 eth1 do - echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter + echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter done </pre> @@ -873,12 +866,12 @@ if [ -e /proc/sys/net/ipv4/tcp_ecn ] then echo 0 > /proc/sys/net/ipv4/tcp_ecn - fi + fi <comment># Disable spoofing on all interfaces</comment> - for x in ${INTERFACES} - do - echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter + for x in ${INTERFACES} + do + echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter done if [ "$ROUTER" = "yes" ] @@ -897,7 +890,7 @@ iptables -t nat -A POSTROUTING -o ${UPLINK} -j SNAT --to ${UPIP} fi fi - + elif [ "$1" = "stop" ] then echo "Stopping firewall..." 
@@ -1068,12 +1061,12 @@ if [ -e /proc/sys/net/ipv4/tcp_ecn ] then echo 0 > /proc/sys/net/ipv4/tcp_ecn - fi + fi <comment># Disable spoofing on all interfaces</comment> - for x in ${INTERFACES} + for x in ${INTERFACES} do - echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter + echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter done if [ "$ROUTER" = "yes" ]
