Linux IPCHAINS-HOWTO
Rusty Russell
v1.0.8, Tue Jul 4 14:20:53 EST 2000This document aims to describe how to obtain, install and configure the enhanced IP firewalling chains software for Linux, and some ideas on how you might use them.
1. Introduction
2. Packet Filtering Basics
3. I'm confused! Routing, masquerading, portforwarding, ipautofw...
- 3.1 Rusty's Three-Line Guide To Masquerading
- 3.2 Gratuitous Promotion: WatchGuard Rules
- 3.3 Common Firewall-like Setups
- 3.4 More Information on Masquerading
4. IP Firewalling Chains
5. Miscellaneous.
- 5.1 How to Organize Your Firewall Rules
- 5.2 What Not To Filter Out
- 5.3 Filtering out Ping of Death
- 5.4 Filtering out Teardrop and Bonk
- 5.5 Filtering out Fragment Bombs
- 5.6 Changing Firewall Rules
- 5.7 How Do I Set Up IP Spoof Protection?
- 5.8 Advanced Projects
- 5.9 Future Enhancements
6. Common Problems
- 6.1 ipchains -L Freezes!
- 6.2 Inverse doesn't work!
- 6.3 Masquerading/Forwarding Doesn't Work!
- 6.4 -j REDIR doesn't work!
- 6.5 Wildcard Interfaces Don't Work!
- 6.6 TOS Doesn't Work!
- 6.7 ipautofw and ipportfw Don't Work!
- 6.8 xosview is Broken!
- 6.9 Segmentation Fault With `-j REDIRECT'!
- 6.10 I Can't Set Masquerading Timeouts!
- 6.11 I Want to Firewall IPX!
7. A Serious Example.
- 7.1 The Arrangement
- 7.2 Goals
- 7.3 Before Packet Filtering
- 7.4 Packet Filtering for Through Packets
- 7.5 Finally
8. Appendix: Differences between ipchains and ipfwadm.
9. Appendix: Using the ipfwadm-wrapper script.
10. Appendix: Thanks.
Next Previous Contents