[sclug] Firewalls

Tom Dawes-Gamble tmdg at tmdg.co.uk
Sat Oct 25 09:05:31 UTC 2003


Hi Tim,

	I wonder if we are reading the same book.  Linux Firewalls
published by New Riders?  I've had my copy for ages so maybe you have a 
newer version.  Anyway page 115 is talking about traceroute.

	The one reason that you might not want to invoke iptables commands
at the command line is that you may enter a rule such as that you stop
all incoming traffic and then open up to specific addresses.  So you're
connected over an IP connection and you stop yourself sending the command
to open up your connection.

	If you use a script then if you pull the rug from under your feet 
the script may continue and put the rug back.  If you are on the console
there is no rug to pull out. :-)

	I used to use a firewall that I built and configured from Rob's
book but then I found ipcop  see http://www.ipcop.org/ It loads much faster
than my home brew version.  I'm sure that it's more secure.  *AND* it's
much easier to administer.

Regards,
Tom.


On Mon, Jan 13, 2003 at 06:01:38PM -0000, tim wrote:
> Can anyone help - I'm sure it is a simple question.
> 
> I am working through Bob Ziegler's Firewall book.
> On page 115 (If you have it) He says Do not attempt to invoke specific
> iptables rules from the command line.
> On the previous page he had pointed to a shell script
> /etc/rc.d/rc.firewall
> 
> He says to execute the shell script from the console.
> 
> What does this mean ? I have looked thru the firewall HOW-TO and that does
> not mention it which makes me think that it is very basic stuff
> that I just haven't twigged.
> My thoughts are to start a shell by running bash from the command line, but
> 1. I thought the command line was bash 2. That still does not explain the
> /etc/rc.d/rc.firewall which does not exist on my system .
> 
> Any help would be much appreciated - thanks
> 
> 
> Tim Holmes
> tim at holmes.name
> 07881 784876
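
The point made in the reply above (a script keeps running after the remote session is cut, so it can "put the rug back"), sketched as an added example that is not part of the original thread or of the book: the rules are loaded accept-first with the DROP policy last, and a timer on the firewall host restores the saved rules unless the change is confirmed. The function names, ADMIN_NET, the SSH port and ROLLBACK_SECS are assumptions.

```shell
#!/bin/sh
# Added example. ADMIN_NET, the SSH port and ROLLBACK_SECS are assumptions.
IPT="${IPT:-iptables}"
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"   # constructed documentation range
ROLLBACK_SECS="${ROLLBACK_SECS:-60}"

# Add the ACCEPT rules first and switch the policy to DROP last, so the
# chain never ends up as "drop everything, allow nothing".
load_rules() {
    $IPT -F INPUT &&
    $IPT -A INPUT -i lo -j ACCEPT &&
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT &&
    $IPT -A INPUT -p tcp -s "$ADMIN_NET" --dport 22 -j ACCEPT &&
    $IPT -P INPUT DROP
}

# Returns 0 if the new rules were confirmed, 1 if loading failed,
# 2 if the saved rules were restored because nobody confirmed.
apply_with_rollback() {
    backup=$(mktemp) || return 1
    $IPT_SAVE > "$backup" || { rm -f "$backup"; return 1; }
    # The timer runs on the firewall host and ignores hangup, so it still
    # fires when the new rules have cut off the session that started it.
    ( trap '' HUP; sleep "$ROLLBACK_SECS"
      : > "$backup.rolled"; $IPT_RESTORE < "$backup" ) &
    timer=$!
    if ! load_rules; then
        kill "$timer" 2>/dev/null
        $IPT_RESTORE < "$backup"; rm -f "$backup"
        return 1
    fi
    printf 'New rules loaded. Type "ok" within %s s to keep them: ' "$ROLLBACK_SECS"
    if read -r answer && [ "$answer" = ok ] && [ ! -e "$backup.rolled" ]; then
        kill "$timer" 2>/dev/null
        rm -f "$backup"
        return 0
    fi
    wait "$timer"
    rm -f "$backup" "$backup.rolled"
    return 2
}

# Run as root from a file, e.g.: sh ./firewall-test.sh apply
if [ "${1:-}" = apply ]; then apply_with_rollback; fi
```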




