discuss: Iptables HOWTO
Subject: Re: Iptables HOWTO
From: Poet/Joshua Drake ####@####.####
Date: 1 Aug 2001 16:27:07 -0000
Message-Id: <Pine.LNX.4.30.0108010924370.31294-100000@commandprompt.com>
Hello,
The existing Iptables documents are lacking at best. I don't think anyone
can argue that actual point.
If someone wants to sit down and write a HOWTO on how to actually use
IpTables in a useful fashion... I am all for it.
Poet
webmaster@ldp
On 1 Aug 2001, Jamin W. Collins wrote:
>On 31 Jul 2001 08:09:39 +0100, John Peter Tapsell wrote:
>> IMHO the problem is just that ppl need to learn about it rather than doing a
>> quick-fix. I don't think the problem is a lack of documentation, just a lack
>> of patience from the users...
>
>I must disagree. I read through a lot of the existing documentation and
>I must say, I found it to be inadequate and misleading. At one point I
>would have called the documentation incorrect. However, I later found
>that the documentation could be considered correct, but only if you
>looked at a small subset of iptables (not indicated in the
>documentation). Based on this I could still go either way.
>
>For example, there are references in the documents that I have read that
>indicate that only one chain will be traversed for each packet. In
>practice this is only true when using just the filter table. Once the
>nat and mangle tables are introduced, this goes right out the window.
>
>I've yet to see a document that covers filter, nat, and mangle. Let
>alone any of the other optional modules like mac matching.
>
>My HOWTO will not be a simple, "Here type these commands and run this
>script" solution. It will be more of an explanation of what I have
>learned and my understanding of how the iptables tool works. I will of
>course include examples that are taken from my firewall script.
>However, if a user simply wants a drop in solution they will be directed
>to my firewall script or others that.
>
>Jamin W. Collins
--
<COMPANY>CommandPrompt - http://www.commandprompt.com </COMPANY>
<PROJECT>OpenDocs, LLC. - http://www.opendocs.org </PROJECT>
<PROJECT>LinuxPorts - http://www.linuxports.com </PROJECT>
<WEBMASTER>LDP - http://www.linuxdoc.org </WEBMASTER>
--
Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.
--