March 6, 2003
4. Do's and Dont's
Here is a general overview of ipchains for Fd Linux. This will be a very straight-forward, intuitive mini-HowTo, so in essence, you are not going to learn the `ipchains` command in this HowTo, but rather, how it will be implemented under Fd Linux.
Again, to stand with what is stated above, you are not going to be learning the `ipchains` command in this HowTo, so usage is essentially up to you.
To learn about the `ipchains` syntax and general usage, goto the IPCHAINS-HOWTO.
This will be a quick overview of the small scripts that will make your `ipchains` experience a little bit easier in Fd Linux:
NOTE: All permissions have been set on the script file.
insrule - use e3 and edit this and add
whatever firewall rules you want, on the top of the script is an example of what
to use, etc. once you are complete with listing your rules, just save and run.
rulelist - it holds the command(s) '
ipchains -L input, output and forward ' this will list what rules you are
implimenting at that very moment.
ruleflush - it holds the command(s) ' ipchains -F input, output and forward ' this will flush ALL of the chain groups.
Do's and Dont's:
After extensive use of `ipchains` under Fd Linux, I've only came across this small flaw that would inhibit some of the rules you make not to work.
DON'T list a source when making rules to block ports, deny certain packets, etc. for some reason it doesn't log them:
YES: ipchains -A input -d 184.108.40.206 1:1024 -p tcp -l -j DENY
NO: ipchains -A input -s 0.0.0.0 -d 220.127.116.11 1:1024 -p tcp -l -j DENY
If you feel that anything should be added to this mini-HowTo, please feel free to send me an Inquiry Ticket about it!