discuss: Iptables HOWTO
Subject:
Re: Iptables HOWTO
From:
"Jamin W. Collins" ####@####.####
Date:
1 Aug 2001 14:35:25 -0000
Message-Id: <996676427.1187.10.camel@jamin-mini>
On 31 Jul 2001 08:09:39 +0100, John Peter Tapsell wrote:
> IMHO the problem is just that ppl need to learn about it rather then doing a
> quick-fix. I don't think the problem is a lack of documentation, just a lack
> of patience from the users...
I must disagree. I read through alot of the existing documentation and
I must say, I found it to be inadequate and misleading. At one point I
would have called the documentation incorrect. However, I later found
that the documentation could be considered correct, but only if you
looked at a small subset of iptables (not indicated in the
documentation). Based on this I could still go either way.
For example, there are references in the documents that I have read that
indicate that only one chain will be traversed for each packet. In
practice this is only true when using just the filter table. Once the
nat and mangle tables are introduced, this goes right out the window.
I've yet to see a document that covers filter, nat, and mangle. Let
alone any of the other optional modules like mac matching.
My HOWTO will not be a simple, "Here type these commands and run this
script" solution. It will be more of an explaination of what I have
learned and my understanding of how the iptables tool works. I will of
course include examples that are taken from my firewall script.
However, if a user simply wants a drop in solution they will be directed
to my firewall script or others that.
Jamin W. Collins
