Hello,

a couple of weeks ago I found this link on debian-firewall:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/adsl4linux/ADSL4Linux/ADSL4Linux/templates/firewall.iptables.devel?rev=HEAD&content-type=text/vnd.viewcvs-markup

It is a pretty good script. You have to set y or n for a list of services you want to run. The rest of the script is very readable and the firewall is pretty robust. It was originally designed for a Dutch ADSL line, but it can easily be adapted to every kind of interface. And it handles dynamic IPs.

Put the script in /etc/ppp/ip-up.d (not sure about this); this should start the script when dialed in.

Greetz,
Sebastiaan

On Tue, 26 Jun 2001, Matthew Garman wrote:

> I would like to upgrade my kernel from 2.2 to 2.4. The main thing that
> concerns me is building a new iptables-based firewall (as opposed to
> ipchains).
>
> I was using the TrinityOS firewall for ipchains. I read through it,
> somewhat, but basically accepted its security on blind faith.
>
> I figure that with the switch to 2.4 and iptables, now would be a good
> time to really learn how to write a good firewall script.
>
> So for starters, I'd like to have a good, secure, well-commented iptables
> firewall script that I could use and learn from. Then I'd like to see
> some online documentation on firewall considerations.
>
> For the summer, I want a firewall that works with dynamic IP addresses so
> my dad and I can share a modem (standard, ultra-slow serial analog modem),
> running no services.
>
> Then, when I go back to school, I'll want to change the script so I can
> share a cablemodem with my roommates. I'll also run a couple basic
> services at that time, such as a mailer, an SSH daemon, and probably
> Apache.
>
> If anyone can point me in the right direction to get started, I would be
> very appreciative :)
>
> Thanks!
> Matt
>
> --
> Matt Garman, [EMAIL PROTECTED]
> "I'll tip my hat to the new constitution, Take a bow for the new revolution
> Smile and grin at the change all around, Pick up my guitar and play
> Just like yesterday, Then I'll get on my knees and pray..."
> -- Pete Townshend/The Who, "Won't Get Fooled Again"