I beat my head against a(ny) wall for quite a while, figuring out ipchains and deciding to use the Hall-Beyer script mentioned in Linux Gazette (#46). (my understanding of the rules was not missing... I simply had no clue about a good generic implementation. I'll always be a newbie in this regard. :)
After placing this into my /etc/pp/ip-up.d/ directory, figuring out minute details, and seeing it work, I discovered the IPMASQ package with its version of an ipchains rule set. The possible advantage I see with that package is the built-in resetting of the firewall rules when the ppp interface is changed (up or down). Other than that, the IPMASQ package seems to have a distinctly simpler set of rules than the script. I have no idea which should be better. The script addresses several things I didn't see in the package (TOS settings/blocks of specific susceptible ports), but there might be some unknown advantage in the IPMASQ pkg. which makes it better for me. ????

Is there any reason for picking that package over the script which I have modified for my own system? FWIW the firewall is a 486-66 destined to be mostly just a firewall/gateway after migrating old stuff from it over to my new system this summer...

TIA
Kenward