;s been proved through use.<br>
</blockquote></blockquote></blockquote>
<br></div>
How have you added the rules that you already use?<br>
<br>
ip_conntrack state matching rules aren't particularly complicated.<br>
Most of those rules look a bit like the following:<br>
<br>
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br>
<br>
- This is a general "allow stuff in if it's part of an existing or related connection" rule (there are other options, like NEW or INVALID)<br>
- it would be the first rule (because of the -I)<br>
<br>
These rules can have protocol and port specifications, too.<br>
<br>
It doesn't sound like you have very complex requirements.<br>
My experience with netfilter frontends is they tend to err on the side of complexity, certainly in terms of the rules they generate, with multiple custom chains. I like my rules to be readable.<br>
<br>
I also find that managing the rules with an editor allows me to add comments where necessary (and/or use a VCS to permit rollback)<br>
<br>
Yes, I realise this wasn't exactly what you asked for, but it Works For Me (tm)<div class="im"><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks in advance for any help/ideas.<br>
<br>
Barry<br>
</blockquote></blockquote></blockquote>
<br></div>
Regards,<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
Stuart<br>
-- <br>
Stuart Sears RHCA etc.<br>
"It's today!" said Piglet.<br>
"My favourite day," said Pooh.<br>
<br>
</div></div>
</blockquote><div><br></div><div>Thanks for the replies all of you!</div><div>
<br></div><div>My VPS runs Debian Squeeze - I'm perfectly happy using the command line.</div><div><br></div><div>It's perfectly possible to write my own commands I suppose. It's just a question of practicality - it's something else I should learn but in the meantime (time is short) I'd be happy to use a script to configure a firewall that I know would do the job.</div>
<div>&nbsp;</div><div>Some good ideas here - I appreciate the help!</div><div><br></div><div>Thanks again,</div><div><br></div></div>Barry
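
The approach described in the quoted reply (a readable, commented ruleset kept in a file, with the ESTABLISHED,RELATED state rule first and protocol/port rules after it), as an added example that is not code from any poster in this thread. The default-DROP policy, ports 22 and 80, the file path and the function names `sample_rules` and `check_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a hand-edited ruleset in iptables-restore format, kept in a
# file so it can be commented and put under version control.
# Ports 22 and 80 are assumptions, not taken from the thread.

# Print the ruleset (constructed sample). On the VPS this would live in a
# file such as /etc/iptables.rules (the path is an assumption).
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies to, and traffic related to, connections already allowed
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# loopback
-A INPUT -i lo -j ACCEPT
# packets conntrack cannot place in any connection
-A INPUT -m state --state INVALID -j DROP
# new inbound connections: state match plus protocol and port
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# check_rules: read a ruleset on stdin; return 0 only if the INPUT policy is
# DROP, the first INPUT rule is the ESTABLISHED,RELATED accept, every NEW
# accept names a protocol and port, and the table ends with COMMIT.
check_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        /^:INPUT DROP / { policy = 1 }
        /^-A INPUT / {
            n++
            if (n == 1 && $0 !~ /--state ESTABLISHED,RELATED -j ACCEPT$/) bad = 1
            if ($0 ~ /--state NEW/ && ($0 !~ / -p / || $0 !~ / --dport /)) bad = 1
        }
        { last = $0 }
        END { exit !(policy && n > 0 && !bad && last == "COMMIT") }
    '
}

# Lint the sample before it would ever be loaded.
sample_rules | check_rules && echo "ruleset ok"
```

Once the check passes, the file can be parsed without being applied using `iptables-restore --test < file` (as root), then loaded with `iptables-restore < file`.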