necessary (and/or use a VCS to permit rollback)
>
> Yes, I realise this wasn't exactly what you asked for, but it Works For Me
> (tm)
>
>
> Thanks in advance for any help/ideas.
>>>>
>>>> Barry
>>>>
>>>
> Regards,
>
>
>
> Stuart
> --
> Stuart Sears RHCA etc.
> "It's today!" said Piglet.
> "My favourite day," said Pooh.
>
> _______________________________________________
> users mailing list
> users@???
> https://lists.bitfolk.com/mailman/listinfo/users
>
Thanks for the replies all of you!
My VPS runs Debian Squeeze - I'm perfectly happy using the command line.
It's perfectly possible to write my own commands I suppose. It's just a
question of practicality - it's something else I should learn but in the
meantime (time is short) I'd be happy to use a script to configure a
firewall that I know would do the job.
Some good ideas here - I appreciate the help!
Thanks again,
Barry
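
The approach Stuart describes in the quoted reply (rules kept in a plain file and loaded with 'iptables-restore', with a state-matching accept rule) could look like the sketch below. This is an added example, not a script posted by anyone in the thread. The function names emit_rules and check_rules, the default-DROP policy and the SSH port default of 22 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): emit a small stateful ruleset in
# iptables-restore format. The port default (22) is an assumption.

emit_rules() {
    ssh_port="${1:-22}"   # assumed admin port; pass your own as $1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections this host opened, plus related traffic
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# New inbound connections are accepted only for listed services
-A INPUT -p tcp --dport ${ssh_port} -m state --state NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Sanity check for a ruleset on stdin: with a DROP policy on INPUT, the
# ESTABLISHED,RELATED accept must be present, otherwise replies to the
# host's own outbound traffic are dropped. Exit status 0 means "looks sane".
check_rules() {
    awk '
        /^:INPUT DROP/ { drop = 1 }
        /^-A INPUT .*--state ESTABLISHED,RELATED .*-j ACCEPT/ { est = 1 }
        /^COMMIT$/ { commit = 1 }
        END { exit !(commit && (!drop || est)) }
    '
}
```

Write the output of emit_rules to a file and parse it with 'iptables-restore --test < file' before loading it for real, so a syntax error cannot lock you out of the VPS.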
<br><br><div class="gmail_quote">On 17 October 2012 09:21, Stuart Sears <span dir="ltr">&lt;<a href="mailto:stuart@sjsears.com" target="_blank">stuart@???</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On 16/10/12 20:22, Amar Sood wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 16 October 2012 20:04, Stuart Sears &lt;<a href="mailto:stuart@sjsears.com" target="_blank">stuart@???</a>&gt; wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 16/10/12 14:07, Barry Watson wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Hey there list,<br>
<br>
I'd be grateful if someone could recommend please a front-end for<br>
iptables?<br>
Arno's iptables seems well-regarded.<br>
</blockquote></blockquote></blockquote>
<br></div>
okay, time to take this more seriously...<br>
<br>
which distro are you running? many of them have their own tools already.<br>
Do you want a graphical or CLI interface?<br>
/me suspects CLI, but you never can tell<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
vim :)<br>
<br>
</blockquote>
<br>
He means emacs of course.<br>
</blockquote></div>
&lt;shudders&gt;<br>
Surely no one ever *actually* means emacs? :) [fight! fight! fight!]<br>
<br>
In all seriousness, though, I do write all my firewall rules in vim and load them before the network starts, using the 'iptables-restore' command<br>
<br>
RH-type distros already have an init script that does this for you.<br>
<br>
Netfilter syntax really isn't that complicated and understanding it does no harm. I would recommend learning it.<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I've set up some basic iptables rules on my VPS that allow/block various<br>
ports etc but want to be able to use iptable's state module too and would<br>
like to use a script that's been proved through use.<br>
</blockquote></blockquote></blockquote>
<br></div>
How have you added the rules that you already use?<br>
<br>
ip_conntrack state matching rules aren't particularly complicated<br>
Most of those rules look a bit like the following<br>
<br>
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br>
<br>
- This is a