On Mon, Apr 12, 2010 at 8:31 AM, Tanstaafl <tanstaafl@×××××××××××.org> wrote:
> On 2010-04-11 9:20 AM, Graham Murray wrote:
>> Tanstaafl <tanstaafl@×××××××××××.org> writes:
>>> I'm a bit clueless when it comes to firewalls, and have no idea what
>>> these numbers mean/do:
>>>
>>> *raw
>>> :PREROUTING ACCEPT [4911:886011]
>>> :OUTPUT ACCEPT [4546:2818732]
>>> COMMIT
>
>> The numbers are [packets:bytes] which match the rule or table
>> concerned.
>
> Ok, so... I still don't know what they *mean*... ie, is this a hole in
> my firewall? What is the raw table used for, in plain English?
>
> More importantly though...
>
> When I try to remove the nat and raw tables from my firewall, they don't
> go away. I have always kept my rules in a separate file, and when I want
> to make changes, I change the external file, then do iptables-restore <
> /path/to/iptables-current.
>
> (My rule set is very small, so this only takes a second or two, so it's
> not/never been a problem)
>
> I've been doing it this way for a long time, and all other changes I
> have ever made - eg, opening a certain port for a certain host - work
> fine, but, when I comment out the raw and nat tables, then restore the
> rules, then do iptables-save > path/to/iptables-current-dump, the
> examined file still shows the raw and nat tables loaded... ???
>
>

Here is a very useful book. I think he is the expert. He will answer email.

LINUX FIREWALLS
Attack Detection and Response with iptables, psad, and fwsnort
by Michael Rash

ISBN-10: 1-59327-141-7
ISBN-13: 978-1-59327-141-1

No Starch Press, Inc.
555 De Haro Street, Suite 250, San Francisco, CA 94107
phone: 415.863.9900; fax: 415.863.9950; info@××××××××.com; www.nostarch.com

Library of Congress Cataloging-in-Publication Data

Rash, Michael.
Linux firewalls : attack detection and response with iptables, psad,
and fwsnort / Michael Rash.
p. cm.
Includes index.
ISBN-13: 978-1-59327-141-1
ISBN-10: 1-59327-141-7
1. Computers--Access control. 2. Firewalls (Computer security) 3.
Linux. I. Title.
QA76.9.A25R36 2007
005.8--dc22
2006026679

--
If we can but prevent the government from wasting the labours of the
people, under the pretence of taking care of them, they must become
happy. - Thomas Jefferson
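The two things the quoted message asks about, as an added example that is not part of the thread and not taken from Rash's book. Each `:CHAIN POLICY [packets:bytes]` line in iptables-save output names a built-in chain, its default policy, and the policy counter: the traffic that reached the end of that chain without matching a rule and was handled by the policy. An ACCEPT policy on the raw or nat table is not a filtering hole: the raw table is consulted before connection tracking so that packets can be marked NOTRACK (or TRACE), the nat table only rewrites addresses, and the accept/drop decision is still made in the filter table. The tables also do not disappear because `iptables-restore` flushes and rewrites only the tables named in its input, so a table that is commented out of the rules file is left exactly as it was, and `iptables-save` dumps every table whose kernel module is loaded, built-in chains included. The script below parses a constructed dump (the raw-table counters are the ones quoted above; all other numbers and rules are made up), lists the filter chains with an ACCEPT policy, and shows which tables a restore of the edited rules file would leave untouched. The function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread or from Rash's book. Parses the
# ":CHAIN POLICY [packets:bytes]" lines of iptables-save output and shows
# which tables a plain "iptables-restore < file" would leave alone.
# Function names and the sample texts are this example's own; the raw-table
# counters are the ones quoted in the thread, everything else is made up.

# Constructed iptables-save dump standing in for what the kernel holds now.
SAMPLE_DUMP='# Generated by iptables-save (constructed sample)
*raw
:PREROUTING ACCEPT [4911:886011]
:OUTPUT ACCEPT [4546:2818732]
COMMIT
*nat
:PREROUTING ACCEPT [120:7200]
:POSTROUTING ACCEPT [98:6100]
:OUTPUT ACCEPT [98:6100]
COMMIT
*filter
:INPUT DROP [37:2210]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5120:3001200]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed rules file with the raw and nat tables commented out,
# as described in the thread (iptables-restore skips "#" lines).
RULES_FILE='# *raw
# :PREROUTING ACCEPT [0:0]
# :OUTPUT ACCEPT [0:0]
# COMMIT
# *nat
# :PREROUTING ACCEPT [0:0]
# :POSTROUTING ACCEPT [0:0]
# :OUTPUT ACCEPT [0:0]
# COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# policy_counters: read a dump on stdin, print one line per chain header:
#   table chain policy packets bytes
# The bracketed pair on a ":CHAIN" line is the policy counter, i.e. the
# traffic that fell off the end of the chain and was handled by the policy.
policy_counters() {
    awk '
        /^\*/ { table = substr($0, 2); next }
        /^:/  { chain = substr($1, 2); cnt = $3
                sub(/^\[/, "", cnt); sub(/\]$/, "", cnt)
                split(cnt, c, ":")
                printf "%s %s %s %s %s\n", table, chain, $2, c[1], c[2] }
    '
}

# accept_policies TABLE: chains in TABLE whose default policy is ACCEPT.
# The filter table is where packets are accepted or dropped, so that is
# the table to run this on when asking "is this a hole?".
accept_policies() {
    policy_counters | awk -v t="$1" '$1 == t && $3 == "ACCEPT" { print $2 }'
}

# tables_in: the "*table" headers of a dump or rules file, one per line.
tables_in() {
    sed -n 's/^\*//p'
}

# tables_untouched_by_restore KERNEL_DUMP RULES: tables the kernel currently
# holds that do not appear in RULES. iptables-restore flushes and rewrites
# only the tables named in its input, so these keep their old contents and
# still show up in the next iptables-save.
tables_untouched_by_restore() {
    for t in $(printf '%s\n' "$1" | tables_in); do
        printf '%s\n' "$2" | grep -qx "\*$t" || printf '%s\n' "$t"
    done
}

printf '%s\n' "$SAMPLE_DUMP" | policy_counters
printf 'filter chains with an ACCEPT policy: %s\n' \
    "$(printf '%s\n' "$SAMPLE_DUMP" | accept_policies filter | tr '\n' ' ')"
printf 'tables a restore of this file leaves as they are: %s\n' \
    "$(tables_untouched_by_restore "$SAMPLE_DUMP" "$RULES_FILE" | tr '\n' ' ')"
```

To use it against a live box, replace the constructed texts with `iptables-save` output and the real rules file. A table reported as untouched keeps showing up in `iptables-save` until its module is unloaded; on a modular kernel that is `modprobe -r iptable_raw` (or `iptable_nat`), which only succeeds once the table holds no rules and nothing else references it. Leaving the tables loaded with ACCEPT policies and no rules is harmless, since they do not filter.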