Re: [Devil-linux-develop] Firewall script for 2 NIC's & NAT.

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

> > I see the tutorial optionally loads "ipt_owner".  What is that?
> > Should I load it too?
> 
> I guess you can match if a local user generated the given packet, see
>    http://www.netfilter.org/documentation/pomlist/pom-combined.html#owner-socketlookup

I guess I'll leave that one commented out in the firewall script.  :-)

I just uploaded my latest firewall script at:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/devil-linux/build/config/etc/init.d/firewall.rules.2nic?rev=HEAD

I think this has all changes suggested, including the limits on logging.
Does anything else need to be changed?

I haven't had a chance to go through all the other samples/suggestions
sent to me privately.  I'll get to them sometime, but for now I'm
getting a little sick of looking at iptables.  :-) 

So, I've been working on the setup script instead.  I hope to have a
copy of that uploaded for testing soon.  I'll probably stick a
stand-alone copy (will not modify real config files) of it on the FTP
server so people can play with it outside of the DL development system.

 - BS