Ian Douglas wrote:
Laurie Brown wrote:
The replacement (and enhancement) for ipchains is iptables, which is only supported in the 2.4 kernel or later.
Thanks for the pointer, Laurie. Unfortunately my Linux textbooks are a little out of date and, although saying a bit about ipchains, do not mention iptables at all.
We all have that problem. I don't much bother with them these days, because there is ALWAYS a more up-to-date paper on the Net somewhere. One thing about Linux that stands out over 'Doze is the help one gets from others, and especially the amount of documented eventually-successful-trial-and-error sessions there are out there. That doesn't seem to happen much with 'Doze. The alternative seems to be to pay MS for access to the Secret Scrolls or spend hours searching on their various web sites for slanted info and spin. Your first two ports of call should be http://www.google.com and http://www.dejanews.com which are, IMO, utterly essential to any serious IT professional. I'd even pay for access to dejanews...
As usual, Linux >2.4 also supports ipchains, *but* the two can't run on the same box at the same time. It may be that you have iptables already installed. Try typing "iptables -L" and see what happens.
"iptables -L" works so, as you suspected, it appears I must have unknowingly installed iptables when I installed Linux. It is simply that I did not know it existed. I notice that you mention that the two programs cannot coexist... that probably explains why I could not get ipchains to work.
It does indeed. At least your kernel supports iptables, so that's another steep learning curve put off for another day!
... One of the many advantages of the SuSE distro is that it comes with an easy-to-use tool called personal-firewall which is designed for just the scenario you describe. That said, a few hours reading on the net, and some fiddling about will produce a working firewall script which you can call from your ipup script.
Thanks to your help, Laurie, now that I know what I am looking for, I have indeed found an easy graphical interface. I must admit, however, that I like experimenting with things (I guess that is what is drawing me to Linux in the first place), so although I will probably use the graphical-interface-produced rules as a starting point, I would like to experiment with them so as to try to learn what they are doing (though I will make sure I back up the original config file first as, knowing me, I will soon render my system unusable!).
It took me a fair while to get my head round ipchains, but once I did, it was easy. It took less time for iptables, but it was still pretty steep, but now I'm quite comfortable with it. I got a huge amount of help from the Net and from ALUG. My firewalls are always dedicated boxes with custom and cut-down kernels, so I'm a bit hazy on using it on a "working" box, but I have scripts to share if you need them.
GUIs are ok in my book, but I'd advise you look at the resultant config and try to understand it. "Real" Linux firewalls are usually some old crappy P100 with 2 NICs, no k/b, monitor or mouse, and certainly no GUI...
Cheers, Laurie.