
Re: [Sheflug] Firewalling - BSD and iptables




> 
> IMO, the way that the rules are set up now is much easier to think
> about.
> 

I haven't looked much up myself ... had a quick scan of Rusty's guides and 
being able to NAT to limited ports or over a range of IPs is possible 
apparently. Not bothered reading the OpenBSD stuff (yet) but I'm happily 
working my way through various intoxicating liquids, so that might not 
happen tonight :)

> INPUT - packets destined for the firewall box.
> FORWARD - only packets going through/across the box (i.e. NAT)
> OUTPUT - packets from the firewall box 
> 
> IIRC, "input" under ipchains includes all incoming packets.
> 

OpenBSD separates NAT and packet filtering as two distinct functions, and 
as such has two separate config files and two separate programs to manage 
the pair. For me, this makes more sense to my brain. Other people's wiring 
may vary though :)

> Excuse me if I'm a bit quiet over the next few days - I'm off to
> Edinburgh for the weekend.
> 

Have a good 'un :)

Chris...

-- 
\ Chris Johnson           \  "If not for me then, do it for yourself. If not
 \ cej [at] nccnet.co.uk        \  for then do it for the world." -- Stevie Nicks
  \ www.nccnet.co.uk/~cej/  ~-----------------------------------------+
   \ Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000 \____


___________________________________________________________________

Sheffield Linux User's Group - http://www.sheflug.co.uk . 