[Sheflug] Firewalling - BSD and iptables
Sorry I didn't give many useful answers on this one.
Here's masquerading under iptables:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
Logging with a very low limit (although there is also a default burst
rate of 5 matches/second in addition to the specified 2 matches/minute):
iptables -A INPUT -i ppp0 -m limit --limit 2/m -j LOG --log-prefix iptables-input:
iptables -A FORWARD -i ppp0 -m limit --limit 2/m -j LOG --log-prefix iptables-forward:
IMO, the way that the rules are set up now is much easier to think
about.
INPUT - packets destined for the firewall box.
FORWARD - only packets going through/across the box (i.e. NAT)
OUTPUT - packets from the firewall box
IIRC, "input" under ipchains includes all incoming packets.
Excuse me if I'm a bit quiet over the next few days - I'm off to
Edinburgh for the weekend.
Cheers.
Baz.
--
Barrie J. Bremner OpenPGP public key ID: 5164F553
baz [at] barriebremner.com http://barriebremner.com/
___________________________________________________________________
Sheffield Linux User's Group - http://www.sheflug.co.uk .
To unsubscribe from this list send mail to
shef-lug-request@list.sheflug.org.uk with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.
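Putting the three rules from the post together as an added example (this is not Baz's code, and the interface names ppp0 for the dial-up side and eth0 for the LAN side are assumptions): the script below emits a complete ruleset in iptables-restore format, with the POSTROUTING masquerade in the nat table and the rate-limited LOG rules in the filter table. It also shows the point of the INPUT/FORWARD/OUTPUT split described above: INPUT only sees packets addressed to the firewall itself, FORWARD only sees packets crossing it, so LAN-to-modem traffic is permitted in FORWARD while the box's own services are controlled in INPUT. The default policies are DROP, so anything that reaches a LOG rule is logged and then discarded by the policy. The limit module's --limit-burst, which defaults to 5 matches, is written out explicitly so the burst is visible in the ruleset.

```shell
#!/bin/sh
# Added example, not from the original post. Generates an iptables-restore
# ruleset for a small NAT box: $1 is the WAN interface (assumed ppp0),
# $2 is the LAN interface (assumed eth0). Apply with:
#   sysctl -w net.ipv4.ip_forward=1
#   gen_ruleset ppp0 eth0 | iptables-restore
gen_ruleset() {
    wan=$1
    lan=$2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source address of everything leaving via the WAN link
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
# Default-deny for traffic to the box (INPUT) and across it (FORWARD);
# the box's own outbound traffic (OUTPUT) is allowed.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT: packets addressed to the firewall itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# Log unsolicited WAN packets before the DROP policy eats them:
# 2 per minute sustained, with an initial burst of 5 (the module default)
-A INPUT -i $wan -m limit --limit 2/min --limit-burst 5 -j LOG --log-prefix "iptables-input: "
# FORWARD: packets crossing the box, i.e. the NAT traffic
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -m limit --limit 2/min --limit-burst 5 -j LOG --log-prefix "iptables-forward: "
COMMIT
EOF
}

# Print the ruleset when run directly so it can be reviewed before loading.
if [ "${1:-}" != "" ]; then
    gen_ruleset "$1" "${2:-eth0}"
fi
```

Review the output with `gen_ruleset ppp0 eth0 | less` before piping it into iptables-restore; a mistake in FORWARD only cuts off the LAN, but a mistake in INPUT on a remote box locks you out.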