Re: [SLUG] packet filtering using ipchains

From: Derek Glidden (dglidden@illusionary.com)
Date: Wed Jul 25 2001 - 12:52:38 EDT


Travis Walls wrote:
>
> Derek,
>
> Thank you very much for your tips. I now realize how difficult making a
> secure firewall really is. I stayed up till about 1 am writing ipchain
> rules. I had about 94 when I was done. Like you said though, it's still not
> really usable as an internet workstation. So I'm going to try to find out
> how to make iptables my default filtering software (i.e. remove
> ipchains config file and make iptables config file). I will then try the
> tedious process of logging blocked services and opening up those that
> are needed. Time to learn from the iptables man page...
>
> Thanks so much for your time,

No worries. IPtables *should* be in the 2.4 kernel that RedHat 7.1 uses
so there shouldn't be any magic in making the system work with iptables
over ipchains, other than maybe installing the iptables toolchain.

The 'iptables' tool command-line syntax is very similar to 'ipchains',
but there are a few extra options and some things like the "-l" option
in ipchains to log anything that a rule does have been replaced with
extra targets like the "LOG" target, which makes iptables more powerful
and flexible, but will also make your rulesets larger.

Unfortunately, none of the documentation I've ever found for
ipchains/iptables is too terribly easy to understand. Probably because
the packages themselves and concepts behind them are not entirely easy
to deal with.




This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:50:51 EDT
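The change from the ipchains "-l" flag to the iptables "LOG" target mentioned in the reply above, and why it grows a ruleset, shown as an added example that is not part of the original message. The script only prints rules and applies nothing; the service list, the LOGDROP chain name, the log prefixes and the rate limit are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: dry run only, prints rules instead of loading them.

# Constructed sample: services to block and log (protocol, destination port).
SERVICES="tcp 23
tcp 111
udp 111
udp 2049"

# ipchains (2.2 kernels): -l makes a single rule both log and deny.
ipchains_rule() {
    echo "ipchains -A input -p $1 -d 0.0.0.0/0 $2 -j DENY -l"
}

# iptables (2.4 kernels): LOG is a separate, non-terminating target, so the
# match is written twice: once to log, once to DROP (the old DENY).
iptables_rules() {
    match="-p $1 --dport $2"
    echo "iptables -A INPUT $match -j LOG --log-prefix \"DROP $1/$2: \""
    echo "iptables -A INPUT $match -j DROP"
}

# Common way to keep the ruleset small: one user-defined chain that logs
# (rate-limited so a scan cannot flood syslog) and then drops.
logdrop_chain() {
    echo "iptables -N LOGDROP"
    echo "iptables -A LOGDROP -m limit --limit 5/min -j LOG --log-prefix \"LOGDROP: \""
    echo "iptables -A LOGDROP -j DROP"
}
logdrop_rule() {
    echo "iptables -A INPUT -p $1 --dport $2 -j LOGDROP"
}

# Whole rulesets for the sample services, in each style.
ruleset_ipchains() { echo "$SERVICES" | while read -r p d; do ipchains_rule "$p" "$d"; done; }
ruleset_pairs()    { echo "$SERVICES" | while read -r p d; do iptables_rules "$p" "$d"; done; }
ruleset_chain()    { logdrop_chain; echo "$SERVICES" | while read -r p d; do logdrop_rule "$p" "$d"; done; }

count() { "$1" | wc -l | tr -d ' '; }

echo "# ipchains, $(count ruleset_ipchains) rules:";          ruleset_ipchains
echo "# iptables LOG+DROP pairs, $(count ruleset_pairs) rules:"; ruleset_pairs
echo "# iptables with LOGDROP chain, $(count ruleset_chain) rules:"; ruleset_chain
```

Review the printed rules before loading any of them; rule order matters, since a LOG rule placed after the matching DROP never sees the packet.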