Talk:Iptables
From Gentoo Wiki
(Redirected from Talk:Security Handbook/Firewalls and Network Security/iptables)
Note
This is a Talk page - please see the documentation about using talk pages. Add newer comments below older ones, sign comments using four tildes (~~~~), and indent successive comments with colons (:). Add new sections at the bottom of the page, under a heading (== ==). Please remember to mark sections as "open for discussion" using {{talk|open}}, so they will show up in the list of open discussions.

firewall management
Talk status: This discussion is done.
Webmin has a web-based GUI to easily generate rules. fwbuilder is also an easy way to generate rules.
http://www.iptables.info/en/iptables-gui.html
666threesixes666 (talk) 20:23, 4 November 2013 (UTC)
- Nothing to action here. Closing discussion. --Maffblaster (talk) 17:35, 21 February 2017 (UTC)
hierarchy
Talk status: This discussion is still ongoing.
IPv6 second kernel box's hierarchy is messed up & I doubt it's a functioning config. 666threesixes666 (talk) 05:32, 22 March 2014 (UTC)
- Did you mean the client or the router section? As for client, it's working with kernel 3.18 --Charles17 (talk) 12:25, 24 April 2015 (UTC)
Logging
Talk status: This discussion is still ongoing.
The following rules added to the end of my firewall.sh script were invaluable. I forget where I picked this scripting up from, likely Arch IPTables site, or one of the ask superuser sites. I don't think this required any additional modules, except the usual minimal Shorewall kernel modules for using IPTables. --Roger (talk) 04:28, 30 August 2016 (UTC)
CODE
# LOGGING
# Create a new chain called LOGGING.
iptables -N LOGGING
# Make sure all the remaining incoming connections jump to the LOGGING chain as shown below.
iptables -A INPUT -j LOGGING
# Next, log these packets by specifying a custom "log-prefix".
# FIXME: Requires additional NETFILTER_XT_MATCH_LIMIT kernel module
#iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
# FIXME: Without using NETFILTER_XT_MATCH_LIMIT, use the following rule instead:
iptables -A LOGGING -j LOG --log-prefix "IPTables PACKET DROPPED: " --log-level 7
# Finally, drop these packets too.
iptables -A LOGGING -j DROP
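The post above keeps two variants of the LOG rule and comments one out by hand. The following script is an added example, not part of the wiki page or Roger's firewall.sh: it generates the same LOGGING chain but picks the rate-limited rule when the limit match is usable and falls back to the unlimited rule otherwise. It assumes an iptables binary on PATH for the detection probe (`iptables -m limit --help`, a heuristic that only loads the userspace extension); the log prefix is a constructed value in the style of the post. By default the commands are printed instead of executed, so it can be reviewed without root; set `IPTABLES=iptables` to apply them.

```shell
#!/bin/sh
# Added example (not from the wiki page): build the LOGGING chain rules and
# choose the rate-limited LOG rule when the xt_limit match is available.
# IPTABLES defaults to a dry run that prints each command; export
# IPTABLES=iptables to apply the rules for real (requires root).
IPTABLES="${IPTABLES:-echo iptables}"
LOG_PREFIX="IPTables Packet Dropped: "   # constructed prefix, like the post's
LOG_LEVEL=7                              # kernel log priority debug, as in the post

# Return 0 when the userspace limit extension loads. Assumption: this is a
# reasonable proxy for NETFILTER_XT_MATCH_LIMIT being present; if the iptables
# binary is missing entirely we report "unavailable".
limit_match_available() {
    command -v iptables >/dev/null 2>&1 || return 1
    iptables -m limit --help >/dev/null 2>&1
}

# Print the rule arguments for one mode: "limited" or "unlimited".
# The chain layout is the same as in the post: INPUT -> LOGGING -> LOG -> DROP.
logging_rules() {
    mode="$1"
    echo "-N LOGGING"
    echo "-A INPUT -j LOGGING"
    if [ "$mode" = "limited" ]; then
        echo "-A LOGGING -m limit --limit 2/min -j LOG --log-prefix \"$LOG_PREFIX\" --log-level $LOG_LEVEL"
    else
        echo "-A LOGGING -j LOG --log-prefix \"$LOG_PREFIX\" --log-level $LOG_LEVEL"
    fi
    echo "-A LOGGING -j DROP"
}

# Number of rules a mode produces; both modes yield four lines.
rule_count() {
    logging_rules "$1" | wc -l | tr -d ' '
}

# Pick the mode from the probe and feed every rule to $IPTABLES.
apply_logging_rules() {
    if limit_match_available; then
        mode=limited
    else
        mode=unlimited
    fi
    logging_rules "$mode" | while IFS= read -r rule; do
        eval "$IPTABLES $rule"
    done
}

apply_logging_rules
```

Because the LOG target writes at priority 7 (debug), the entries only reach the log file if syslog/dmesg filtering includes the debug level; without the limit match, a flood of dropped packets produces one kernel log line per packet, which is exactly the disk and CPU pressure the commented-out `-m limit` rule in the post is meant to bound.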