Add new comment

Want to support HowtoForge? Become a subscriber!
iptables rules
Submitted by Anonymous (not registered) on Thu, 2005-10-20 04:23.
In year 2005, writing hand-crafted iptables rules makes about as much sense as using assembly language to produce dynamic webpages. Sure, you can do it and it offers the best possible performance, but does it make sense?

There are dozens of tools that makes it easy to manage iptables. Among those, 2 open source projects stand out far above the rest:

1. Shorewall - http://www.shorewall.net/
2. FireHOL - http://firehol.sourceforge.net/

It is very easy to make mistakes with hand-crafted iptables rules that is hard to detect. You can end up with numerous security holes without even being aware of their existence until someone exploits them.

Seriously consider using one of the above tools, you'll find that they provide all the flexibility you need for managing iptables without having to hand-craft rules using iptables syntax.

I started using shorewall to manage my iptables and I've never looked back. And this includes gateways with multiple ethernet cards, public servers, and secure desktops.

Try any 3 iptables-related projects--the 2 mentioned above and 1 other of your choice. Pick one and you'll end up far better than directly writing iptables rules.

Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.

Reply

*
*
The content of this field is kept private and will not be shown publicly.


*

  • Images can be added to this post.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <div>
  • Lines and paragraphs break automatically.
More information about formatting options