On Fri, May 10, 2002 at 07:36:32AM -0400, christophe barbé wrote:
| On Thu, May 09, 2002 at 11:19:55PM -0500, dman wrote:
| > On Thu, May 09, 2002 at 03:14:45PM -0700, justin cunningham wrote:
| > | Hey, I did a search for iptables how to and got tons of docs-- does
| > | anyone recommend one over another or a debian specific one? The goal is
| > | to take advantage of three nics for web and mail services.
| >
| > See http://netfilter.samba.org. That's one location for the netfilter
| > (iptables) development. Read Rusty's docs. He's the one who coded
| > the stuff. There's really nothing debian-specific about it because
| > it's all part of the kernel. The only thing distro-specific may be
| > where to put the commands to restore your filter at boot time. I put
| > my various firewall scripts in /etc/FIREWALL and made a symlink named
| > /etc/rcS.d/S38FIREWALL to the one I want.
|
| /etc/FIREWALL should be /etc/init.d/FIREWALL and this is not
| distro-specific (FHS).

/etc/FIREWALL is a directory with several scripts in it. Each one makes a different firewall. When I move the machine around (or just want to open up something that's normally closed) I can simply use a different script that is stored there.

If I wanted to be pedantic, I would call those files "conffiles" and make a separate "script" in /etc/init.d that would set up the firewall according to those conffiles. (of course, this IS pedantic because the "conffiles" are just sh scripts themselves and need no other script to be useful)

(this is all just my own system, no packages had anything to do with it)

-D

--
"He is no fool who gives up what he cannot keep to gain what he cannot lose." --Jim Elliot

GnuPG key : http://dman.ddts.net/~dman/public_key.gpg