X-List-Received-Date: Wed, 17 Oct 2012 09:19:13 -0000
On 17 October 2012 09:21, Stuart Sears <stuart@???> wrote:
> On 16/10/12 20:22, Amar Sood wrote:
>
>> On 16 October 2012 20:04, Stuart Sears <stuart@???> wrote:
>>
>>> On 16/10/12 14:07, Barry Watson wrote:
>>>
>>>>
>>>> Hey there list,
>>>>
>>>> I'd be grateful if someone could recommend please a front-end for
>>>> iptables?
>>>> Arno's iptables seems well-regarded.
>>>>
>>>
> okay, time to take this more seriously...
>
> which distro are you running? many of them have their own tools already.
> Do you want a graphical or CLI interface?
> /me suspects CLI, but you never can tell
>
>
> vim :)
>>>
>>>
>> He means emacs of course.
>>
> <shudders>
> Surely no one ever *actually* means emacs? :) [fight! fight! fight!]
>
> In all seriousness, though, I do write all my firewall rules in vim and
> load them before the network starts, using the 'iptables-restore' command
>
> RH-type distros already have an init script that does this for you.
>
> Netfilter syntax really isn't that complicated and understanding it does
> no harm. I would recommend learning it.
>
>
> I've set up some basic iptables rules on my VPS that allow/block various
>>>> ports etc but want to be able to use iptables' state module too and
>>>> would
>>>> like to use a script that's been proved through use.
>>>>
>>>
> How have you added the rules that you already use?
>
> ip_conntrack state matching rules aren't particularly complicated
> Most of those rules look a bit like the following
>
> iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> - This is a general "allow stuff in if it's part of an existing or related
> connection" rule (there are other options, like NEW or INVALID)
> - it would be the first rule (because of the -I)
>
> These rules can have protocol and port specifications, too.
>
> It doesn't sound like you have very complex requirements.
> My experience with netfilter frontends is they tend to err on the side of
> complexity, certainly in terms of the rules they generate, with multiple
> custom chains. I like my rules to be readable.
>
> I also find that managing the rules with an editor allows me to add
> comments where necessary (and/or use a VCS to permit rollback)
>
> Yes, I realise this wasn't exactly what you asked for, but it Works For Me
> (tm)
>
>
> Thanks in advance for any help/ideas.
>>>>
>>>> Barry
>>>>
>>>
> Regards,
>
>
>
> Stuart
> --
> Stuart Sears RHCA etc.
> "It's today!" said Piglet.
> "My favourite day," said Pooh.
>
>
Thanks for the replies all of you!
My VPS runs Debian Squeeze - I'm perfectly happy using the command line.
It's perfectly possible to write my own commands I suppose. It's just a
question of practicality - it's something else I should learn but in the
meantime (time is short) I'd be happy to use a script to configure a
firewall that I know would do the job.
Some good ideas here - I appreciate the help!
Thanks again,
Barry
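
Added example, not part of the thread and not any poster's own script: a small ruleset in the text format that `iptables-restore` reads, built around the `ESTABLISHED,RELATED` state rule quoted above, with a lint step that runs before anything is loaded. The service ports (22 and 80), the function names and the `apply` argument are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Ports 22 and 80 are assumed services, not taken from the thread.

# Print the ruleset in the text format iptables-restore reads.
emit_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Packets belonging to, or related to, a connection conntrack already knows
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot associate with any connection
-A INPUT -m state --state INVALID -j DROP
# Loopback traffic
-A INPUT -i lo -j ACCEPT
# New connections to the assumed services: SSH and HTTP
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
# Ping
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Sanity-check a ruleset on stdin before it goes near the kernel:
# every table must end in COMMIT, and the first INPUT rule must be
# the ESTABLISHED,RELATED accept. Exit status 0 means both hold.
lint_rules() {
    awk '
        /^\*/        { in_table = 1 }
        /^COMMIT$/   { in_table = 0 }
        /^-A INPUT / { if (!seen) { seen = 1; first = $0 } }
        END {
            if (in_table) { print "table not closed with COMMIT"; bad = 1 }
            if (first !~ /--state ESTABLISHED,RELATED -j ACCEPT/) {
                print "first INPUT rule is not the ESTABLISHED,RELATED accept"
                bad = 1
            }
            exit bad
        }'
}

# As root: "sh firewall.sh apply" lints, dry-runs with --test, then loads.
if [ "${1:-}" = "apply" ]; then
    emit_rules | lint_rules &&
        emit_rules | iptables-restore --test &&
        emit_rules | iptables-restore
fi
```

Because the INPUT policy here is DROP, the SSH rule has to match the port sshd actually listens on before the ruleset is loaded on a remote VPS. The text printed by `emit_rules` can equally be saved to a file, kept under version control and loaded with `iptables-restore < file`.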