Policies and Variables (2 questions)

Michael A. Dietz mad099@dietznet.net
Tue, 11 Jul 2000 11:35:43 -0500 (CDT) 

#1 Yes variables work the same, that is  a function of your shell script
not ipchains or iptables, (i.e. variables are expanded before
iptables is invoked) however syntax has changed, this is most likely
your problem.  See rusty's guides for syntax changes.  Also see man
iptables.

# 2, see the changelog and man pages.

On Wed, 12 Jul 2000, Matzko, Michael wrote:

> Greetings.
> 
> 1.  I had setup my ipchains firewall using declared variables at the
> beginning of the script (i.e. $ETHERINT=eth0, then I would just call
> $ETHERINT when I needed it. . made global changes real easy. . ).  This does
> not seem to work with iptables.  Is this true?  Is there a way to set this
> up?
> 
> 2.  Here is a list of what I want this iptables firewall to do.  Can someone
> verify if this is possible (in terms of all the services) and if there any
> services I will have particular difficulty with?
> 
> Firewall
> ALL				Inbound					DENY
> ALL				Outbound
> DENY
> ALL				Forward					DENY
> Class A			Inbound					DENY
> Class B				Inbound					DENY
> Class C (internal)		Inbound					DENY
> Class D			Inbound					DENY
> Class E				Inbound					DENY
> Ping				Inbound		FW IP Only
> ACCEPT
> Ping				Outbound		Anywhere
> ACCEPT
> Traceroute			Outbound		Anywhere
> ACCEPT
> Web client			Outbound		Anywhere
> ACCEPT
> Ftp client			Outbound		Anywhere
> ACCEPT
> DNS Caching			Outbound		OneNetDNSIP
> ACCEPT
> IPSpoofing, TCPSynCookie protection turned on
> 
> DMZ
> Ping				Outbound		Anywhere
> ACCEPT
> WebSrvr			Inbound		Anywhere		ACCEPT
> WebSSLSrvr			Inbound		Anywhere
> ACCEPT
> Webclient			Outbound		Anywhere
> ACCEPT
> FTP Srvr			Inbound		Anywhere
> ACCEPT
> FTP Client			Outbound		Anywhere
> ACCEPT
> SMTP				Inbound		Anywhere
> ACCEPT
> SMTP				Outbound		Anywhere
> ACCEPT
> Net Meeting			Inbound		Anywhere
> ACCEPT
> 
> Corporate
> Ping				Outbound		Anywhere
> ACCEPT
> Webclient			Outbound		Anywhere
> ACCEPT
> WebSSLClient			Outbound		Anywhere
> ACCEPT
> FTP Client			Outbound		Anywhere
> ACCEPT
> SMTP				Inbound		DMZ
> ACCEPT
> SMTP				Outbound		DMZ
> ACCEPT
> Oracle				Outbound		Anywhere
> ACCEPT
> RealAudio			Outbound		Anywhere
> ACCEPT
> ICQ				Outbound		Anywhere
> ACCEPT
> PCAnywhere			Outbound		Anywhere
> ACCEPT
> 
> QA
> Webclient			Outbound		Anywhere
> ACCEPT
> WebSSLClient			Outbound		Anywhere
> ACCEPT
> FTP Client			Outbound		Anywhere
> ACCEPT
> 
> Thanks!
> 

-----------------------
Running on Linux 2.2
Where hasn't linux been today!
mad099@dietznet.net