Firewall Wizards: Re: Dumb newbie question

Re: Dumb newbie question

From: Devdas Bhagat <devdas_at_dvb.homelinux.org>
Date: Fri, 20 Aug 2004 21:27:11 +0530

On 17/08/04 07:55 -0400, Jim Seymour wrote:
> John Babwell <johnbabwell_at_mailcan.com> wrote:
> >
> > I agree that seeing many examples first is the way to go. With the help
> > of a good book like Linux Firewalls (Ziegler), going the 'pure' route as
> > a newbie is not so bad (if you have the time to do it right at least :).
> > Seeing a commented set of rules that makes sense is even better than
> > checking out a recommended ruleset.
> [snip]
> >
>
> I agree. I've always felt that old saw "A picture's worth a thousand
> words" applied to software use. Lots of varied examples is a Good
> Thing, IMO.

Lots of *documented and explained* varied examples.

>
> That's how I got up-to-speed quickly on iptables and ipchains:
> (ironically: iptables first): Ran a point-n-drool GUI tool and looked
> at what it created. Then compared that with what the docs and howtos
> had to say. Worked it out from there.

Actually, the syntax is trivial. The harder part is understanding what
chains apply on which part of the packet processing by default. Once you
get that, the syntax boils down to

    iptables -t <table> -A <chain> -s <source/net> [ --sport ] -d
    <destination/net> [ --dport ] [ -p proto ] [ -m <module> [ --module-option ] ]
    -j <target> [ --target-option ]


> On a related note: There's too much stuff to remember anymore. This is
> particularly problematical for things I don't have to touch often. So
> I usually maintain copious cheat-sheet notes.

Comments? Well written comments are good.
 
> Router configs, for example. I tend to dump those to flat-ASCII files
> and comment them. Particularly the ACLs.

Version Control systems are your friend. Check the config out of CVS and
load it into the router.
This works for almost any text configuration files.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Aug 20 2004
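
Added example, not part of the original message: a small Python model of the point made above, that the hard part is knowing which built-in chains a packet crosses by default. The path names (local-in, forward, local-out) and the helper functions are hypothetical, the model leaves out the later 'security' table and nat INPUT, and the sample subnet is constructed.

```python
"""Model of which built-in chains a packet crosses (added example)."""

# Traversal order of built-in (table, chain) pairs per packet path.
# Simplified: the later 'security' table and nat INPUT are left out.
PRE = [("raw", "PREROUTING"), ("mangle", "PREROUTING"), ("nat", "PREROUTING")]
POST = [("mangle", "POSTROUTING"), ("nat", "POSTROUTING")]
PATHS = {
    "local-in": PRE + [("mangle", "INPUT"), ("filter", "INPUT")],
    "forward": PRE + [("mangle", "FORWARD"), ("filter", "FORWARD")] + POST,
    "local-out": [("raw", "OUTPUT"), ("mangle", "OUTPUT"), ("nat", "OUTPUT"),
                  ("filter", "OUTPUT")] + POST,
}
# User-defined chains are not modelled; only built-in pairs are accepted.
BUILTIN = {pair for hops in PATHS.values() for pair in hops}


def paths_hitting(table, chain):
    """Return the packet paths on which a rule in table/chain is evaluated."""
    if (table, chain) not in BUILTIN:
        raise ValueError(f"table {table!r} has no built-in chain {chain!r}")
    return sorted(p for p, hops in PATHS.items() if (table, chain) in hops)


def build_rule(table, chain, target, src=None, dst=None, proto=None, dport=None):
    """Assemble an iptables argv in the shape of the template quoted above."""
    paths_hitting(table, chain)  # reject e.g. filter/PREROUTING early
    if dport is not None and proto not in ("tcp", "udp"):
        raise ValueError("--dport needs -p tcp or -p udp")
    argv = ["iptables", "-t", table, "-A", chain]
    # -p goes before --dport: the port options come from the protocol match.
    for flag, value in (("-s", src), ("-d", dst), ("-p", proto), ("--dport", dport)):
        if value is not None:
            argv += [flag, str(value)]
    return argv + ["-j", target]


if __name__ == "__main__":
    # Constructed sample: allow SSH to the firewall host itself from one subnet.
    rule = build_rule("filter", "INPUT", "ACCEPT",
                      src="192.0.2.0/24", proto="tcp", dport=22)
    print(" ".join(rule), "->", paths_hitting("filter", "INPUT"))
    # A rule in INPUT is never consulted for traffic routed through the box.
    print("filter/FORWARD ->", paths_hitting("filter", "FORWARD"))
```

A rule that is syntactically fine but sits in a chain the traffic never crosses filters nothing, which is why the model rejects invalid table/chain pairs and reports the paths a rule actually covers.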
