From: Graham L. <mi...@sh...> - 2007-02-11 18:19:18
Hi all,

The attached patch modifies packetfence v1.6.2 so that it creates and writes to custom chains called PF_INPUT, PF_FORWARD, PF_PREROUTING and PF_POSTROUTING. The default chains are left untouched. This stops packetfence from touching all packets going through the box by default, and makes packetfence significantly safer to install on an existing box.

To wire in the custom chains on the interfaces of your choice, the following rules need to be added to the default chains:

    iptables -A INPUT -t filter -j PF_INPUT
    iptables -A FORWARD -t filter -j PF_FORWARD
    iptables -A PREROUTING -t mangle -j PF_PREROUTING
    iptables -A PREROUTING -t nat -j PF_PREROUTING
    iptables -A POSTROUTING -t nat -j PF_POSTROUTING

Caveat: Make sure that you shut packetfence down, then delete the file var/iptables.bak, and flush all your chains using iptables -F before starting up packetfence again.

Regards,
Graham
--
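An added example, not part of Graham's patch or of PacketFence itself: a small audit script that reads an `iptables-save` dump and reports which of the five jump rules from the post are still missing, so an administrator can confirm the custom chains are wired into every table (with or without an `-i` interface match) before starting packetfence. Chain and table names are taken from the post; the dump file path is whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the patch): verify that the PF_* custom chains are
# wired into the default chains, using an iptables-save dump as input.

# Required wiring from the post: "table chain target", one per line.
PF_WIRING='filter INPUT PF_INPUT
filter FORWARD PF_FORWARD
mangle PREROUTING PF_PREROUTING
nat PREROUTING PF_PREROUTING
nat POSTROUTING PF_POSTROUTING'

# has_jump TABLE CHAIN TARGET < dump
# Succeeds if the dump's "*TABLE" section has an "-A CHAIN ... -j TARGET"
# rule. Extra matches such as "-i eth1" before "-j" are allowed, since the
# post says to wire the chains on the interfaces of your choice.
has_jump() {
    awk -v t="$1" -v c="$2" -v j="$3" '
        /^\*/ { cur = substr($0, 2) }            # "*filter" opens a table
        cur == t && $1 == "-A" && $2 == c {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == j) found = 1
        }
        END { if (!found) exit 1 }
    '
}

# missing_pf_jumps DUMPFILE
# Prints one ready-to-run iptables command per jump rule that is absent.
# No output means all five chains are wired in.
missing_pf_jumps() {
    dump="$1"
    printf '%s\n' "$PF_WIRING" | while read -r table chain target; do
        if ! has_jump "$table" "$chain" "$target" < "$dump"; then
            printf 'iptables -t %s -A %s -j %s\n' "$table" "$chain" "$target"
        fi
    done
}
```

Run it as `iptables-save > /tmp/rules.dump; sh pfcheck.sh` after adding a final line such as `missing_pf_jumps /tmp/rules.dump`; the commands it prints are exactly the ones still to be added.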