In article <(E-Mail Removed)>,
Dave <(E-Mail Removed)> wrote:
:Hi everyone,
:
:I have been using webmin and turtlefirewall to administer our iptables
:configuration for around 3 or 4 years now, but I feel it's time to move
:away from this and start learning what iptables is all about and how to
:configure it.
:
:I would be grateful if someone could point me in the right direction. I
:have searched the internet, and everyone goes on about iptables scripts
:and running them when the computer starts up etc...
:
:I do understand the basics of how iptables works (i.e. a rule will either
:let a packet in or out or drop or reject etc.). What I don't understand
:is ... do I just create all the rules in an ASCII file, and then tell
:iptables to run this file on startup?

What is commonly done is to write a shell script that repeatedly invokes
the 'iptables' command to install the rules one at a time. It is also
possible to create a file in the format generated by 'iptables-save' and
use 'iptables-restore' to load that file. That process is generally not
recommended. While the format of lines in that file closely resembles
the arguments to the 'iptables' command, there are some restrictions and
other more subtle differences, and there is no assurance that
'iptables-restore' will work with files not produced by 'iptables-save'.

The best document I know of for learning about iptables is "Iptables
Tutorial" by Oskar Andreasson. You can find it in various formats at
http://iptables-tutorial.frozentux.net/

--
Bob Nichols AT comcast.net I am "RNichols42"
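
The shell-script approach described in the reply above, as an added example that is not part of the original thread: a script that installs a default-deny inbound policy one 'iptables' call at a time. The policy, the SSH port, and the names `ipt`, `load_rules`, `APPLY` and `IPT` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: firewall rules installed by repeated 'iptables' invocations.
# By default the commands are only printed, so the rule set can be reviewed
# first. Run as root with APPLY=1 to install them.

IPT=${IPT:-iptables}

# Run one iptables command, or print it when APPLY is not 1.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$IPT" "$@" || { echo "failed: $IPT $*" >&2; return 1; }
    else
        printf '%s\n' "$IPT $*"
    fi
}

# Install the whole rule set; stops at the first command that fails.
load_rules() {
    # Start from a known state: flush all rules, delete user-defined chains.
    ipt -F &&
    ipt -X &&
    # Fail closed: if a later rule fails, inbound traffic stays blocked,
    # so test changes from a console rather than over the network.
    ipt -P INPUT DROP &&
    ipt -P FORWARD DROP &&
    ipt -P OUTPUT ACCEPT &&
    # Loopback traffic is always allowed.
    ipt -A INPUT -i lo -j ACCEPT &&
    # Replies to connections this host opened.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT &&
    # Inbound SSH (assumed to be the only exposed service).
    ipt -A INPUT -p tcp --dport 22 -j ACCEPT &&
    # Allow ping for basic diagnostics.
    ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
}

load_rules
```

To have the rules loaded on startup, the distribution's boot mechanism calls the script with APPLY=1 set.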