On 16/10/12 20:22, Amar Sood wrote:
On 16 October 2012 20:04, Stuart Sears <stuart(a)sjsears.com> wrote:
> On 16/10/12 14:07, Barry Watson wrote:
>
>>
>> Hey there list,
>>
>> I'd be grateful if someone could recommend please a front-end for
>> iptables?
>> Arno's iptables seems well-regarded.
>>
>
okay, time to take this more seriously...
which distro are you running? many of them have their own tools already.
Do you want a graphical or CLI interface?
/me suspects CLI, but you never can tell
vim :)
He means emacs of course.
<shudders>
Surely no one ever *actually* means emacs? :) [fight! fight! fight!]
In all seriousness, though, I do write all my firewall rules in vim and
load them before the network starts, using the 'iptables-restore' command.
RH-type distros already have an init script that does this for you.
Netfilter syntax really isn't that complicated and understanding it does
no harm. I would recommend learning it.
>> I've set up some basic iptables rules on my VPS that allow/block various
>> ports etc but want to be able to use iptables' state module too and would
>> like to use a script that's been proved through use.
>>
>
How have you added the rules that you already use?
ip_conntrack state matching rules aren't particularly complicated.
Most of those rules look a bit like the following:

    iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

- This is a general "allow stuff in if it's part of an existing or related
  connection" rule (there are other options, like NEW or INVALID)
- it would be the first rule (because of the -I)

These rules can have protocol and port specifications, too.
It doesn't sound like you have very complex requirements.
My experience with netfilter frontends is they tend to err on the side of
complexity, certainly in terms of the rules they generate, with multiple
custom chains. I like my rules to be readable.
I also find that managing the rules with an editor allows me to add
comments where necessary (and/or use a VCS to permit rollback)
Yes, I realise this wasn't exactly what you asked for, but it Works For Me (tm)
>> Thanks in advance for any help/ideas.
>>
>> Barry
>>
>
Regards,
Stuart
--
Stuart Sears RHCA etc.
"It's today!" said Piglet.
"My favourite day," said Pooh.
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
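
Added example, not part of the original thread and not any poster's own rules: a small hand-editable ruleset in the format 'iptables-restore' reads, with the ESTABLISHED,RELATED state match as the first INPUT rule, plus a check that can be run before loading it. The DROP policies, ports 22 and 80, and the file and function names are assumptions.

```shell
#!/bin/sh
# Added example (constructed). Ports 22 and 80 and the file name are assumptions.

# print_rules: emit a ruleset in the format iptables-restore reads.
print_rules() {
cat <<'EOF'
# Hand-edited firewall rules; keep this file under version control.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Packets belonging to, or related to, a connection already being tracked.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot associate with any connection.
-A INPUT -m state --state INVALID -j DROP
# Local loopback traffic.
-A INPUT -i lo -j ACCEPT
# New inbound connections: SSH and HTTP only (assumed services).
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# check_rules FILE: structural checks that need neither root nor netfilter.
# Returns 0 if the file looks sane, 1 (with a message on stderr) otherwise.
check_rules() {
    f=$1
    grep -qxF '*filter' "$f" || { echo "no *filter table" >&2; return 1; }
    grep -qxF 'COMMIT' "$f" || { echo "no COMMIT line" >&2; return 1; }
    grep -q '^:INPUT DROP ' "$f" || { echo "INPUT policy is not DROP" >&2; return 1; }
    # The state-match accept must be the first INPUT rule, as -I would make it.
    first=$(sed -n '/^-A INPUT /{p;q;}' "$f")
    case $first in
        *"--state ESTABLISHED,RELATED -j ACCEPT") return 0 ;;
        *) echo "first INPUT rule is not the ESTABLISHED,RELATED accept" >&2
           return 1 ;;
    esac
}

# Usage: sh rules.sh write > iptables.rules ; sh rules.sh check iptables.rules
# Then, as root: iptables-restore --test < iptables.rules  (parse only, no commit)
case ${1:-} in
    write) print_rules ;;
    check) check_rules "$2" ;;
esac
```

On a remote VPS, keep an existing SSH session open while loading a ruleset with a DROP policy, so a mistake can be reverted from that session.
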
Thanks for the replies all of you!
My VPS runs Debian Squeeze - I'm perfectly happy using the command line.
It's perfectly possible to write my own commands I suppose. It's just a
question of practicality - it's something else I should learn but in the
meantime (time is short) I'd be happy to use a script to configure a
firewall that I know would do the job.
Some good ideas here - I appreciate the help!
Thanks again,
Barry