Chris Palmer, 2002-Jan-27 18:02 -0800:
> Hi, all...
>
> I'm another "normal" Debian user (non-newbie/non-guru <grin>) and I have
> some questions on iptables and using modules under 2.4.x.
>
> I've been running an older Debian system for a while and started out
> with ipfwadm on a 2.0.x kernel. Sometime later I upgraded and a wrapper
> for ipchains was installed. I had intended to go thru things and learn
> ipchains and re-write all my rules to that format, but never got around
> to it. Today, I upgraded this machine to woody and built a 2.4.x kernel
> and installed iptables.
>
> I think it went well, as I did some reading and created new rules for my
> firewall using iptables, but I think I probably have a bunch of older files
> from my 2.0.x kernel install that are probably handled a new way today.
>
> Can anyone give an overview or pointer to a good writeup of how things
> are organized now vs how they were done before, so that I can go thru
> my files and learn how to set things up properly?

Do a search on www.google.com for iptables and you get the home page and
a tutorial page right off. Both are good sources to start with.

> I think I'm not using the new system of ifup and ifdown and I think this
> might be the cleaner and simpler setup to go with (I have 2 interfaces
> on my machine: one is to the internet, the other is for my private net).
>
> I'm also hoping to get some help on modules. It looks like kmod is the
> current system, but I also have a /etc/modules file that is getting run
> by /etc/init.d/modutils, but I think this is the old way and might be
> interfering with things getting loaded properly now (things aren't loading
> as I'd expect them to).
>
> I'd expect that with kmod I no longer have to use insmod or modprobe
> manually now and some fuzzy memory of something I read suggests that I
> might just need to create some alias entries in a config file somewhere
> so that the modules are loaded when the kernel sees requests for the
> functions provided by those modules. ?
>
> Thanks in advance... you guys have always been really helpful. :)
>
> -Chris

What I've done, and from what I gather plenty of others do as well, is
use a script placed in /etc/init.d and link to it from /etc/rc2.d so it
loads on boot. In this script are all the rules as well as modprobes for
the needed modules. Another Google search for "iptables script" will give
you a few good example pages for this script, which is where I went to
build mine.

It's helpful to include in the script a "case" section that will allow
you to start|stop|reload the script. There are examples on those pages
found in the above-mentioned Google search.

Hope this helps,
jc

--
Jeff Coppock Systems Engineer
Diggin' Debian Admin and User
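
The kind of /etc/init.d script the reply describes, written out as an added example that is not part of the original message or taken from the pages it mentions. The interface names (eth0 external, eth1 internal), the 192.168.1.0/24 private net, the fw_* function names and the 2.4-era helper module names are assumptions to adjust for your own machine.

```shell
#!/bin/sh
# Added example of an /etc/init.d firewall script (file name is hypothetical).
# Assumed layout: eth0 faces the internet, eth1 the private net 192.168.1.0/24.
IPT=${IPT:-iptables}
MODPROBE=${MODPROBE:-modprobe}
FWD=${FWD:-/proc/sys/net/ipv4/ip_forward}
EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
INT_NET=${INT_NET:-192.168.1.0/24}

fw_flush() {
    for t in filter nat; do $IPT -t $t -F; $IPT -t $t -X; done
}

fw_stop() {
    # Stop routing first so the private net is not forwarded unfiltered.
    echo 0 > "$FWD"
    fw_flush
    for c in INPUT FORWARD OUTPUT; do $IPT -P $c ACCEPT; done
}

fw_start() {
    # Helper modules that rules do not pull in on demand (assumed 2.4-era names).
    for m in ip_conntrack_ftp ip_nat_ftp; do $MODPROBE $m; done
    # Set default-deny before flushing so a reload never leaves an open window.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    fw_flush
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i $INT_IF -s $INT_NET -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Private net may initiate outbound; only replies are let back in.
    $IPT -A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -j ACCEPT
    $IPT -A FORWARD -i $EXT_IF -o $INT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o $EXT_IF -s $INT_NET -j MASQUERADE
    echo 1 > "$FWD"
}

fw_main() {
    case "$1" in
        start|reload|restart) fw_start ;;
        stop)                 fw_stop ;;
        *) echo "Usage: $0 {start|stop|reload}" >&2; return 1 ;;
    esac
}

# Run only when invoked with an argument, as init does via /etc/rc2.d.
if [ $# -gt 0 ]; then fw_main "$@"; fi
```

Setting IPT=echo and MODPROBE=echo (and FWD to a scratch file) prints the commands instead of running them, which is a quick way to review the rule set before installing the script.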