amilivojevic at pbl.ca
Tue Sep 28 16:09:13 CEST 2004
> This helps a bit, but still way out of my league - there is a lot of stuff
> to remember. In the many sites, including the one you list below, they talk
> of various configurations before ever getting to the rules - is this
Those are variables in shell script. Basically they are there to make
your life easier when you need to modify something. These two will do
iptables -A INPUT -i eth0 .....
iptables -A INPUT -i "$INET_IFACE" .....
> Then a bunch of modules are loaded....
Most of them you don't need to load by hand (they'll get loaded
automatically). There are few exceptions, such as ip_nat_ftp module
that needs to be loaded explicitly (if you need it, that is).
> Are <if_lan>, <net_lan> and <if_inet> reserved commands or do I need to put
> something in here. I am assuming these are variables and tie in with the
> above - not sure though.
Those are the places in Rob's examples where you need to fill in your
data. For example you would chage <if_inet> to eth0 or "$INET_IFACE".
> One last thing. Is there a way to block an entire domain i.e. domain.com or
> an entire IP block i.e 220.127.116.11/24.
You can block only by IP address (host or network). You can't block by
domain name (which would be an useless feature even if it was possible,
lurking people into false sense of security).
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
More information about the netfilter