Gentoo Archives: gentoo-user

From: James <wireless@×××××××××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: iptables
Date: Fri, 17 Jul 2009 12:14:02
Message-Id: loom.20090717T115503-706@post.gmane.org
In Reply to: Re: [gentoo-user] iptables by Alejandro
Alejandro <elcorreodeale <at> gmail.com> writes:

> I use APF, for all my desktop/servers with debian and gentoo,
> is quite easy and works great. In 10' you have iptables running.

Interesting. I usually hack my rules by hand, as I like to learn
as much about iptables and the ever-changing kernel interaction
issues. In particular, I'm experimenting with embedded and very
lightweight firewall hardware (586 processors).

Do you think APF will allow me to use its front end (GUI) to build
the raw iptables files, then go into them manually, make
edits and changes, and load them manually onto a variety of
lightweight Linux servers and firewalls?

Most of the front-end (GUI) systems for iptables do not simply write
out the rules one needs. The /var/lib/iptables/rules-save file
contains a form of the rules; or, better yet, is there a front end
that just generates raw rules in iptables format that I can read and
add to my /etc script?

The first few rules in /var/lib/iptables/rules-save
look like this:

:INPUT DROP [44:2925]
:FORWARD ACCEPT [117727109:41814106432]
:OUTPUT ACCEPT [75971:11854908]
[8913:443731] -A INPUT -p tcp -m tcp --dport 445 -j DROP
[2629:133240] -A INPUT -p tcp -m tcp --dport 139 -j DROP
[9578:481396] -A INPUT -p tcp -m tcp --dport 135 -j DROP
[1174:49600] -A INPUT -p tcp -m tcp --dport 1433 -j DROP
[23160:1195298] -A INPUT -p tcp -m tcp --dport 25 -j DROP
[198:9532] -A INPUT -p tcp -m tcp --dport 4899 -j DROP
[160198:18547126] -A INPUT -i ! eth2 -j ACCEPT

The corresponding rules from my script look like this:

iptables="/sbin/iptables"
# first pass: flush the filter table, set its policies, drop user chains
$iptables -F
$iptables -P INPUT ACCEPT
$iptables -P OUTPUT ACCEPT
$iptables -P FORWARD DROP
$iptables -X
# second pass: flush every table, remove user-defined chains and set all
# policies to ACCEPT (this overrides the FORWARD DROP set above)
$iptables --flush
$iptables -t nat --flush
$iptables -t mangle --flush
$iptables -X
$iptables -t nat -X
$iptables -t mangle -X
$iptables --policy INPUT ACCEPT
$iptables --policy OUTPUT ACCEPT
$iptables --policy FORWARD ACCEPT
$iptables -t nat --policy PREROUTING ACCEPT
$iptables -t nat --policy OUTPUT ACCEPT
$iptables -t nat --policy POSTROUTING ACCEPT
$iptables -t mangle --policy PREROUTING ACCEPT
$iptables -t mangle --policy OUTPUT ACCEPT

I'm looking for a GUI front end to iptables that generates
the rules in a format you can put directly into a script.

Does APF do this?

Any other package?

James
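As an added example (not part of the thread, and not APF's or any other front end's code), a POSIX shell function that converts the rules-save (iptables-save) format quoted above into "$iptables ..." command lines that can be pasted into a hand-written script such as the one in the post. It assumes the script defines iptables="/sbin/iptables" as James's does; the sample input is constructed from the rules shown in the post plus the "*filter" / COMMIT framing that iptables-save adds.

```sh
#!/bin/sh
# Added example: turn the iptables-save format kept in
# /var/lib/iptables/rules-save into plain "$iptables ..." lines.
# Reads save-format text on stdin, writes one command per line on stdout.
# Assumes the target script defines iptables="/sbin/iptables"; the
# variable name is emitted literally so the script can expand it.
rules_save_to_script() {
    awk -v ipt='$iptables' '
        BEGIN     { table = "filter" }    # excerpts without "*filter" default to filter
        /^#/      { next }                # "# Generated by iptables-save ..." comments
        /^COMMIT/ { next }                # end of a table block
        /^\*/     { table = substr($0, 2); next }   # "*nat" -> following rules use -t nat
        /^:/ {
            # ":INPUT DROP [44:2925]" -> chain name, policy, packet/byte counters
            chain = substr($1, 2)
            if ($2 == "-")
                printf "%s -t %s -N %s\n", ipt, table, chain   # user chain: create, no policy
            else
                printf "%s -t %s -P %s %s\n", ipt, table, chain, $2
            next
        }
        /^\[/ {
            # "[8913:443731] -A INPUT ..." -> strip the counters; the modified
            # record then falls through to the plain-rule pattern below
            sub(/^\[[0-9]+:[0-9]+\] /, "")
        }
        /^-/ { printf "%s -t %s %s\n", ipt, table, $0 }
    '
}

# Constructed sample in the rules-save format quoted in the post (one table,
# the header and COMMIT line iptables-save adds, and the old "-i ! eth2" syntax).
SAMPLE_RULES='# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [44:2925]
:FORWARD ACCEPT [117727109:41814106432]
:OUTPUT ACCEPT [75971:11854908]
[8913:443731] -A INPUT -p tcp -m tcp --dport 445 -j DROP
[160198:18547126] -A INPUT -i ! eth2 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | rules_save_to_script
```

The output is plain iptables invocations (policies first, then rules), so it can be appended to the script after the flush block; the counters, comments and COMMIT lines that only iptables-restore understands are dropped.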