neysx 05/08/26 23:30:10 |
Modified: xml/htdocs/doc/en/articles linux-24-stateful-fw-design.xml |
Log: |
#103863 Install iptables w/ emerge instead of ./configure.... |
Revision Changes Path |
1.3 +15 -22 xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml |
file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml?rev=1.3&content-type=text/x-cvsweb-markup&cvsroot=gentoo |
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml?rev=1.3&content-type=text/plain&cvsroot=gentoo |
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml.diff?r1=1.2&r2=1.3&cvsroot=gentoo |
14 |
Index: linux-24-stateful-fw-design.xml |
15 |
=================================================================== |
16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml,v |
17 |
retrieving revision 1.2 |
18 |
retrieving revision 1.3 |
19 |
diff -u -r1.2 -r1.3 |
20 |
--- linux-24-stateful-fw-design.xml 15 Aug 2005 23:16:06 -0000 1.2 |
21 |
+++ linux-24-stateful-fw-design.xml 26 Aug 2005 23:30:10 -0000 1.3 |
22 |
@@ -1,5 +1,5 @@ |
23 |
<?xml version='1.0' encoding="UTF-8"?> |
24 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml,v 1.2 2005/08/15 23:16:06 cam Exp $ --> |
25 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/linux-24-stateful-fw-design.xml,v 1.3 2005/08/26 23:30:10 neysx Exp $ --> |
26 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
27 |
|
28 |
<guide link="/doc/en/articles/linux-24-stateful-fw-design.xml"> |
29 |
@@ -22,8 +22,8 @@ |
30 |
version of the original article, and contains various improvements made by the |
31 |
Gentoo Linux Documentation team --> |
32 |
|
33 |
-<version>1.0</version> |
34 |
-<date>2005-07-28</date> |
35 |
+<version>1.1</version> |
36 |
+<date>2005-08-27</date> |
37 |
|
38 |
<chapter> |
39 |
<title>About this tutorial</title> |
40 |
@@ -106,18 +106,11 @@ |
41 |
Before we start designing a firewall, we need to do two things. First, we need |
42 |
to make sure that the <c>iptables</c> command is available. As root, type |
43 |
<c>iptables</c> and see if it exists. If it doesn't, then we'll need to get it |
44 |
-installed first. Here's how: head over to the netfilter/iptables project page |
45 |
-(<uri>http://www.netfilter.org/</uri>) and grab the most recent version of |
46 |
-<path>iptables.tar.gz</path> (currently <path>iptables-1.1.2.tar.gz</path>) you |
47 |
-can find. Then, install it by typing in the following commands (output omitted |
48 |
-for brevity): |
49 |
+installed first. Here's how we do that: |
50 |
</p> |
51 |
|
52 |
<pre caption="Installing necessary tools"> |
53 |
-# <i>tar xzvf iptables-1.1.2.tar.gz</i> |
54 |
-# <i>cd iptables-1.1.2</i> |
55 |
-# <i>make</i> |
56 |
-# <i>make install</i> |
57 |
+# <i>emerge iptables</i> |
58 |
</pre> |
59 |
|
60 |
</body> |
61 |
@@ -620,7 +613,7 @@ |
62 |
if [ -e /proc/sys/net/ipv4/tcp_ecn ] |
63 |
then |
64 |
echo 0 > /proc/sys/net/ipv4/tcp_ecn |
65 |
-fi |
66 |
+fi |
67 |
</pre> |
68 |
|
69 |
</body> |
70 |
@@ -710,7 +703,7 @@ |
71 |
<pre caption="Spoof protection"> |
72 |
for x in lo eth0 eth1 |
73 |
do |
74 |
- echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter |
75 |
+ echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter |
76 |
done |
77 |
</pre> |
78 |
|
79 |
@@ -873,12 +866,12 @@ |
80 |
if [ -e /proc/sys/net/ipv4/tcp_ecn ] |
81 |
then |
82 |
echo 0 > /proc/sys/net/ipv4/tcp_ecn |
83 |
- fi |
84 |
+ fi |
85 |
|
86 |
<comment># Disable spoofing on all interfaces</comment> |
87 |
- for x in ${INTERFACES} |
88 |
- do |
89 |
- echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter |
90 |
+ for x in ${INTERFACES} |
91 |
+ do |
92 |
+ echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter |
93 |
done |
94 |
|
95 |
if [ "$ROUTER" = "yes" ] |
96 |
@@ -897,7 +890,7 @@ |
97 |
iptables -t nat -A POSTROUTING -o ${UPLINK} -j SNAT --to ${UPIP} |
98 |
fi |
99 |
fi |
100 |
- |
101 |
+ |
102 |
elif [ "$1" = "stop" ] |
103 |
then |
104 |
echo "Stopping firewall..." |
105 |
@@ -1068,12 +1061,12 @@ |
106 |
if [ -e /proc/sys/net/ipv4/tcp_ecn ] |
107 |
then |
108 |
echo 0 > /proc/sys/net/ipv4/tcp_ecn |
109 |
- fi |
110 |
+ fi |
111 |
|
112 |
<comment># Disable spoofing on all interfaces</comment> |
113 |
- for x in ${INTERFACES} |
114 |
+ for x in ${INTERFACES} |
115 |
do |
116 |
- echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter |
117 |
+ echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter |
118 |
done |
119 |
|
120 |
if [ "$ROUTER" = "yes" ] |