opie at 817west.com
Tue Sep 28 16:04:00 CEST 2004
On Tue, 2004-09-28 at 04:19, Contact wrote:
> This helps a bit, but still way out of my league - there is a lot of stuff
> to remember. In the many sites, including the one you list below, they talk
> of various configurations before ever getting to the rules - is this
necessary, no. but it is a standard scripting practice that makes your
life easier. would you rather specify "eth0" 50 times in your script,
and then have to change it 50 times when something hardware-wise
changes? or just change one thing that says "INET_IF=eth0"
> Then a bunch of modules are loaded....
almost all modules are loaded automatically as needed by the kernel.
you should explicitly load "helper" modules that you expect to need;
> Are <if_lan>, <net_lan> and <if_inet> reserved commands or do I need to put
> something in here. I am assuming these are variables and tie in with the
> above - not sure though.
there are no such reserved words/commands with respect to iptables. it
simply does what you tell it to.
> Note: All the other LAN clients have access to the internet via the Linksys
> router as does the Linux box. The router is my gateway....
> One last thing. Is there a way to block an entire domain i.e. domain.com or
> an entire IP block i.e 188.8.131.52/24.
domain--no, not really.
no prob. i know it's already been recommended once, but you ready
should hit this up and down:
Jason Opperisano <opie at 817west.com>
More information about the netfilter