Talk:Iptables

From Gentoo Wiki
Jump to:navigation Jump to:search
Note
Before creating a discussion or leaving a comment, please read about using talk pages. To create a new discussion, click here. Comments on an existing discussion should be signed using ~~~~:
A comment [[User:Larry|Larry]] 13:52, 13 May 2024 (UTC)
: A reply [[User:Sally|Sally]] 18:36, 12 October 2024 (UTC)
:: Your reply ~~~~

firewall management

Talk status
This discussion is done.

webmin has a web based gui to easily generate rules. fwbuilder is also an easy way to generate rules....

http://www.iptables.info/en/iptables-gui.html

666threesixes666 (talk) 20:23, 4 November 2013 (UTC)

Nothing to action here. Closing discussion. --Maffblaster (talk) 17:35, 21 February 2017 (UTC)

hierarchy

Talk status
This discussion is done as of 2024-05-26.

ip v6 second kernel box's hierarchy is messed up & i doubt its a functioning config. 666threesixes666 (talk) 05:32, 22 March 2014 (UTC)

Did you mean the client or the router section? As for client, it's working with kernel 3.18 --Charles17 (talk) 12:25, 24 April 2015 (UTC)

Logging

Talk status
This discussion needs help as of 2024-05-26.
Tip: To get this fixed sooner, use {{Proposal}}.

The following rules added to the end of my firewall.sh script were invaluable. I forget where I picked this scripting up from, likely Arch IPTables site, or one of the ask superuser sites. I don't think this required any additional modules, except the usual minimal Shorewall kernel modules for using IPTables. --Roger (talk) 04:28, 30 August 2016 (UTC)

CODE
# LOGGING
# Create a new chain called LOGGING.
iptables -N LOGGING
# Make sure all the remaining incoming connections jump to the LOGGING chain as shown below.
iptables -A INPUT -j LOGGING
# Next, log these packets by specifying a custom "log-prefix".
# FIXME: Requires additional NETFILTER_XT_MATCH_LIMIT kernel module
#iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
# FIXME: Without using NETFILTER_XT_MATCH_LIMIT, use the following rule instead:
iptables -A LOGGING -j LOG --log-prefix "IPTables PACKET DROPPED: " --log-level 7
# Finally, drop these packets too.
iptables -A LOGGING -j DROP
Any ideas for how this could be incorporated into the article?
Waldo Lemmer 07:12, 26 May 2024 (UTC)