gentuxx <gentuxx <at> gmail.com> writes:


> I think, perhaps, you misunderstood what I was saying.  My
> understanding of shorewall was that it was a script (or series of
> scripts) that look for the previously specified config files and do
> "cool stuff" with the information contained in them.  I was simply
> stating that in order to put value to the information in the config
> files, that you would have to know what the scripts do.  I was not, in
> any way, suggesting that you use Shorewall.  I can completely
> understand and sympathize with your need to dissect iptables, and the
> security it provides.  However, I tend to take a top-down approach, as
> opposed to the bottom-up approach you seem to prefer.

OK, this is great! However, I'm a C/assembler hack with embedded
tendencies. Scripts are OK, as most are self-explanatory.
As a hardware guy, I often start with a microP and write/add
firmware to a custom bootloader. From there, often, a simple
state machine with selected code creates wonderful things;
so I'm definitely a bottom-up kind of guy. YMMV.


> Going back to your original questions, I'm not really sure I can help
> with Q1.  However, in regards to Q2, there aren't any config files for
> iptables.  The tables are stored in memory.  You can do an
> "iptables-save", which will output a modified version of the rules
> currently in place, which can subsequently be modified (assuming you
> understand and duplicate the syntax) and restored (with any changes)
> using "iptables-restore".  Otherwise, all of your editing should be
> done at the command line.  I would recommend using a script (of your
> own design, if so desired) to ease repeatability, and reduce the
> possibility for mistakes (fat-fingering).  Also, a script of this
> nature would be handy for starting the iptables upon boot (I believe
> the HOW-TO you referenced covers this).

Is this the one? 
http://www.linuxguruz.com/iptables/scripts/rc.DMZ.firewall.txt
I've referenced many URLs. This one was written for 2.4
based kernels and I'm not sure it's useful for 2.6. That was one
of my questions.... Can you look at it and suggest where it is
defective? That way, I can use it as a baseline to learn and develop
a more robust (in-memory) ruleset that spawns from a shell script
or elsewhere. Or maybe share a 2.6 based script?

OK all of this is fantastic! All of the googling and reading 
I've done has not revealed this. Most of what I find is circa 2.4 
and I'm not adept enough to discern what's relevant for 2.4 and 2.6 
kernels, yet.

Thank you very, very much,
James

-- 
[email protected] mailing list