CLUG meetings

Patrick Cole z at amused.net
Mon Oct 29 07:52:56 EST 2001


On Mon, Oct 29, 2001 at 03:35:56PM +1100, Karun Dambiec wrote:

> I've just joined the clug list yesterday. I probably won't go to many 
> meetings.
> Anyway, about myself.
> I'm currently in year 11 studying at Copland College and completing the 
> Cisco Network Academy Program.
> I use Mandrake Linux 8.1 as my desktop OS and various versions of 
> BSD/Solaris for my servers. I haven't used iptables but is it possible 
> to set up a stateful firewall using it?

Yes, the new netfilter and iptables layers in 2.4 allow you to do a
multitude of things that you would want for a firewall, some of which
include:

 * Source and Destination Network Address Translation
 * Masquerading (Special case of SNAT)
 * Packet rate limiting
 * TCP, UDP, ICMP matches and specific ICMP reject types
 * Logging support
 
There are a bunch of match targets to classify packets and almost as
many targets to do things with those packets.

Look in /lib/iptables for a complete list, and some may be
described in the Linux Advanced Routing HOWTO.

As well as iptables and netfilter there is also Quality of Service in
2.4, which allows you to use class-based queueing to classify and
limit the rate at which you deliver bandwidth.  You do this with
the 'tc' utility.  Traffic Control is only described briefly in the
Advanced Routing HOWTO (in my opinion) and is a lot more powerful than
most people let on, and just as powerfully undocumented.

Pat

-- 
Patrick Cole - Debian Developer <ltd at debian.org>
             - John Curtin, ANU <Patrick.Cole at anu.edu.au>
             - Linear-G Network Solutions <z at linearg.com>
             - PGP 1024R/60D74C7D C8E0BC7969BE7899AA0FEB16F84BFE5A   
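
A stateful ruleset of the kind asked about above, as an added example that is not part of the original message: it combines the state match with the rate limiting, ICMP matching, reject types, logging and masquerading listed in the reply. The interface names, the LAN-only SSH rule and the limit values are assumptions.

```shell
#!/bin/sh
# Added example: print a stateful ruleset in iptables-restore format.
# Assumptions: $1 is the WAN interface, $2 the LAN interface, and SSH to
# the firewall itself is wanted from the LAN side only.
emit_ruleset() {
    wan=$1 lan=$2
    # Refuse names that could smuggle extra options into a rule line.
    for ifname in "$wan" "$lan"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*filter
# Default deny inbound and forwarded traffic; allow what the box sends.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# The stateful part: replies to tracked connections pass, INVALID is dropped.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
-A INPUT -i $lan -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Rate-limited logging so a flood cannot fill the logs, then explicit rejects.
-A INPUT -m limit --limit 6/minute -j LOG --log-prefix "fw-drop: "
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
# New connections may only be opened from the LAN towards the WAN.
-A FORWARD -i $lan -o $wan -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Print the rules when called with two interface names.
if [ "$#" -eq 2 ]; then emit_ruleset "$1" "$2"; fi
```

To check the output without loading it, pipe it to `iptables-restore --test` as root.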



