Policies and Variables (2 questions)
Matzko, Michael
mmatzko@lanvision.com
Tue, 11 Jul 2000 11:21:20 -0400
Greetings.

1. I had set up my ipchains firewall using declared variables at the
beginning of the script (i.e. $ETHERINT=eth0, then I would just call
$ETHERINT when I needed it... made global changes real easy...). This does
not seem to work with iptables. Is this true? Is there a way to set this
up?

2. Here is a list of what I want this iptables firewall to do. Can someone
verify if this is possible (in terms of all the services) and if there are any
services I will have particular difficulty with?

Firewall
  ALL                 Inbound                 DENY
  ALL                 Outbound                DENY
  ALL                 Forward                 DENY
  Class A             Inbound                 DENY
  Class B             Inbound                 DENY
  Class C (internal)  Inbound                 DENY
  Class D             Inbound                 DENY
  Class E             Inbound                 DENY
  Ping                Inbound   FW IP Only    ACCEPT
  Ping                Outbound  Anywhere      ACCEPT
  Traceroute          Outbound  Anywhere      ACCEPT
  Web client          Outbound  Anywhere      ACCEPT
  Ftp client          Outbound  Anywhere      ACCEPT
  DNS Caching         Outbound  OneNetDNSIP   ACCEPT
  IPSpoofing, TCPSynCookie protection turned on

DMZ
  Ping                Outbound  Anywhere      ACCEPT
  WebSrvr             Inbound   Anywhere      ACCEPT
  WebSSLSrvr          Inbound   Anywhere      ACCEPT
  Webclient           Outbound  Anywhere      ACCEPT
  FTP Srvr            Inbound   Anywhere      ACCEPT
  FTP Client          Outbound  Anywhere      ACCEPT
  SMTP                Inbound   Anywhere      ACCEPT
  SMTP                Outbound  Anywhere      ACCEPT
  Net Meeting         Inbound   Anywhere      ACCEPT

Corporate
  Ping                Outbound  Anywhere      ACCEPT
  Webclient           Outbound  Anywhere      ACCEPT
  WebSSLClient        Outbound  Anywhere      ACCEPT
  FTP Client          Outbound  Anywhere      ACCEPT
  SMTP                Inbound   DMZ           ACCEPT
  SMTP                Outbound  DMZ           ACCEPT
  Oracle              Outbound  Anywhere      ACCEPT
  RealAudio           Outbound  Anywhere      ACCEPT
  ICQ                 Outbound  Anywhere      ACCEPT
  PCAnywhere          Outbound  Anywhere      ACCEPT

QA
  Webclient           Outbound  Anywhere      ACCEPT
  WebSSLClient        Outbound  Anywhere      ACCEPT
  FTP Client          Outbound  Anywhere      ACCEPT

Thanks!
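
Added example, not part of the original post: a shell sketch of part of the "Firewall" section above, showing that script variables belong to the shell rather than to ipchains or iptables (assigned as NAME=value, expanded as $NAME). The interface name, the addresses and the reading of "Class A-E" as private and reserved source ranges are assumptions; it prints the rules unless IPT=iptables is set.

```shell
#!/bin/sh
# Added example. All names and addresses are constructed placeholders.
EXT_IF="eth0"                 # external interface (assumed)
FW_IP="192.0.2.1"             # firewall's external address (documentation range)
DNS_IP="192.0.2.53"           # stands in for "OneNetDNSIP"
# Assumed meaning of "Class A-E inbound": private/reserved source ranges.
SPOOFED="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"
IPT="${IPT:-echo iptables}"   # dry run by default; IPT=iptables applies rules

build_rules() {
    # Default policies. iptables uses DROP where ipchains used DENY.
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -P "$chain" DROP
    done

    # Anti-spoofing: these must be appended before any ACCEPT rule,
    # because rules in a chain are evaluated in order.
    for net in $SPOOFED; do
        $IPT -A INPUT -i "$EXT_IF" -s "$net" -j DROP
    done

    # Ping inbound to the firewall IP only, and its reply.
    $IPT -A INPUT -i "$EXT_IF" -p icmp --icmp-type echo-request -d "$FW_IP" -j ACCEPT
    $IPT -A OUTPUT -o "$EXT_IF" -p icmp --icmp-type echo-reply -s "$FW_IP" -j ACCEPT

    # Ping outbound to anywhere, and its reply.
    $IPT -A OUTPUT -o "$EXT_IF" -p icmp --icmp-type echo-request -j ACCEPT
    $IPT -A INPUT -i "$EXT_IF" -p icmp --icmp-type echo-reply -j ACCEPT

    # Web client outbound; replies admitted by connection state.
    $IPT -A OUTPUT -o "$EXT_IF" -p tcp --dport 80 -j ACCEPT
    $IPT -A INPUT -i "$EXT_IF" -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

    # DNS caching: queries go to the single upstream resolver only.
    $IPT -A OUTPUT -o "$EXT_IF" -p udp -d "$DNS_IP" --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$EXT_IF" -p udp -s "$DNS_IP" --sport 53 -m state --state ESTABLISHED -j ACCEPT
}

build_rules
```

Changing EXT_IF, FW_IP or DNS_IP at the top changes every rule that uses them, which is the "global change" behaviour asked about in question 1.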