From: Bruce S. <bw...@ar...> - 2003-05-30 17:46:18
> > I see the tutorial optionally loads "ipt_owner". What is that?
> > Should I load it too?
>
> I guess you can match if a local user generated the given packet, see
> http://www.netfilter.org/documentation/pomlist/pom-combined.html#owner-socketlookup

I guess I'll leave that one commented out in the firewall script. :-)

I just uploaded my latest firewall script at:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/devil-linux/build/config/etc/init.d/firewall.rules.2nic?rev=HEAD

I think this has all changes suggested, including the limits on logging. Does anything else need to be changed?

I haven't had a chance to go through all the other samples/suggestions sent to me privately. I'll get to them sometime, but for now I'm getting a little sick of looking at iptables. :-)

So, I've been working on the setup script instead. I hope to have a copy of that uploaded for testing soon. I'll probably stick a stand-alone copy (will not modify real config files) of it on the FTP server so people can play with it outside of the DL development system.

- BS