From: Tim T. <t....@co...> - 2004-09-25 01:10:22
Dave Mullen wrote:

> Hey folks,
>
> I just wanted to bounce something off of you guys, since my knowledge of
> firewalling isn't nearly as good as others'.
>
> The project I'm working on is building a replacement firewall that we can
> modify more easily. Our old firewall was based on RH 8.0, and used a config
> file from /etc/sysconfig/iptables.
>
> Now that I'm moving to Devil Linux with this project, the new(er) netfilter
> (iptables' new name) is setting up its rules from /etc/init.d/firewall.rules.
>
> Now generally, I think it would be pretty easy to set up the standard:
>
>     -A PREROUTING -p tcp -m tcp --dport 137 -j DROP
>
> in the new script, with simply:
>
>     ${IPTABLES} -A PREROUTING -p tcp -m tcp --dport 137 -j DROP
>
> So, that's easy and fine, but what would I do with this part of a config?
>
>     *nat
>     :PREROUTING ACCEPT [224:14748]
>     :POSTROUTING ACCEPT [15:191]
>     :OUTPUT ACCEPT [45:371]
>     :NLOGNDROP - [0:0]
>     :NCORPORATEFLTER - [0:0]
>     :NATIT - [0:0]
>     :NEWVPNFLTER - [0:0]
>
> Any thoughts? Am I just missing a really easy way to tell netfilter to load
> the old iptables conf from the same directory?
>
> Thanks in advance!
>
> Dave Mullen

I'm not an expert, but that looks like the output from the "iptables-save" command, which can be loaded with the "iptables-restore" command, which DL does support...

Tim
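As an added example, not from the thread or from the Devil Linux project: the converter below shows what the `*nat` / `:CHAIN POLICY [pkts:bytes]` lines quoted above mean by translating an iptables-save dump into the `${IPTABLES}` command lines Dave wants in his script. It assumes the `${IPTABLES}` variable from Dave's message, and the sample dump is constructed here, modelled on the nat table he quoted (the rule lines are invented for illustration). The rules it encodes are the ones iptables-restore applies: a `*table` line opens a table, `:CHAIN POLICY` sets the policy of a built-in chain, `:CHAIN -` declares a user-defined chain (the bracketed counters are just statistics and are not restored), `-A ...` lines are ordinary rules, and `COMMIT` closes the table. Tim's suggestion of feeding the file straight to iptables-restore is the simpler route; this is for the case where the old ruleset should be kept as a readable script.

```python
"""Translate an iptables-save dump into equivalent ${IPTABLES} shell command lines.

Added example for the thread above; not part of Devil Linux. The ${IPTABLES}
variable name is taken from Dave's message, everything else is an assumption.
"""
import re

# Constructed sample in iptables-save format, modelled on the nat table quoted
# in the thread. The -A rule lines are invented for illustration only.
SAMPLE_DUMP = """\
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [224:14748]
:POSTROUTING ACCEPT [15:191]
:OUTPUT ACCEPT [45:371]
:NLOGNDROP - [0:0]
:NATIT - [0:0]
-A PREROUTING -p tcp -m tcp --dport 137 -j DROP
-A PREROUTING -j NATIT
-A NLOGNDROP -j LOG --log-prefix "nat-drop: "
-A NLOGNDROP -j DROP
COMMIT
# Completed
"""

# ":CHAIN POLICY [packets:bytes]" -- POLICY is "-" for user-defined chains.
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")


def dump_to_script(dump, var="${IPTABLES}"):
    """Return shell command lines that rebuild every table, chain, policy and
    rule in an iptables-save dump, in the same order the dump lists them.

    Each table is flushed and its user chains deleted first, mirroring what
    iptables-restore does by default (without --noflush) for tables it loads.
    """
    lines = []
    table = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                        # blank lines and save-file comments
        if line.startswith("*"):
            table = line[1:]
            lines.append(f"# table {table}")
            lines.append(f"{var} -t {table} -F")   # flush all rules in the table
            lines.append(f"{var} -t {table} -X")   # delete all user-defined chains
            continue
        if line == "COMMIT":
            table = None
            continue
        if table is None:
            raise ValueError(f"line outside a *table/COMMIT block: {line!r}")
        m = CHAIN_RE.match(line)
        if m:
            chain, policy = m.group(1), m.group(2)
            if policy == "-":
                # User-defined chain: create it. The [pkts:bytes] counters are
                # statistics from the saved system and are not restored.
                lines.append(f"{var} -t {table} -N {chain}")
            else:
                # Built-in chain: only its default policy is recorded here.
                lines.append(f"{var} -t {table} -P {chain} {policy}")
            continue
        if line.startswith("-"):
            # Ordinary rule (-A, -I, ...); chain declarations always precede
            # rules in save output, so jumps to user chains resolve in order.
            lines.append(f"{var} -t {table} {line}")
            continue
        raise ValueError(f"unrecognised iptables-save line: {line!r}")
    if table is not None:
        raise ValueError(f"table {table!r} has no COMMIT line")
    return lines


if __name__ == "__main__":
    print("IPTABLES=/sbin/iptables")
    print("\n".join(dump_to_script(SAMPLE_DUMP)))
```

Running the file prints a shell fragment that can be pasted into firewall.rules; the `-t nat` qualifier on every line matters, because the `*nat` header is the only thing in the dump saying these chains belong to the nat table rather than filter.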