Linux IPCHAINS-HOWTO
Paul Russell,
Paul.Russell@rustcorp.com.au
v1.0.5, 27 October 1998
This document aims to describe how to obtain, install and configure the enhanced IP firewalling chains software for Linux, and some ideas on how you might use them.
1.
Introduction
1.1 What?
1.2 Why?
1.3 How?
1.4 Where?
2.
Packet filtering basics.
2.1 What?
2.2 Why?
2.3 How?
3.
I'm confused! Routing, masquerading, portforwarding, ipautofw...
3.1 Gratuitous Promotion: WatchGuard Rules
3.2 Common Firewall-like Setups
3.3 Private Network: Traditional proxies.
3.4 Private Network: Transparent proxies.
3.5 Private Network: Masquerading.
3.6 Public Network.
3.7 Limited Internal Services
4.
IP firewalling chains.
4.1 How packets traverse the filters.
4.2 Useful Examples
5.
Miscellaneous.
5.1 How to Organize Your Firewall Rules.
5.2 What
not
to filter out.
5.3 Filtering out Ping of Death.
5.4 Filtering out Teardrop and Bonk.
5.5 Filtering out Fragment Bombs.
5.6 Changing firewall rules.
5.7 How do I set up IP spoof protection?
5.8 Advanced projects.
5.9 Future enhancements.
6.
Common problems.
6.1 ipchains -L freezes!
6.2 Masquerading/forwarding doesn't work!
6.3 Wildcard interfaces don't work!
6.4 TOS doesn't work!
6.5
ipautofw
and
ipportfw
don't work!
6.6 xosview is broken!
6.7 Segmentation fault with
-j REDIRECT
!
6.8 I can't set masquerading timeouts!
6.9 I want to firewall IPX!
7.
Appendix: Differences between
ipchains
and
ipfwadm
7.1 Quick-Reference table.
7.2 Examples of translated ipfwadm commands
8.
Appendix: Using the
ipfwadm-wrapper
script.
9.
Appendix: thanks.
