IPTables-Tutorial
A closer look at the ideas and approaches gleaned from Oskar
Andreasson's IPTables-Tutorial is warranted. His tutorial
influenced the direction of the Easy Firewall Generator more than any
other single work. That's not surprising. The IPTables-Tutorial
was one of the first works produced after the original netfilter HOWTOs.
It has significantly impacted many subsequent works.
The three most significant influences on Easy Firewall Generator
are listed below.
- The basic idea of using separate chains for each type of packet is
presented in the iptables-tutorial. This generator does not
implement it exactly the same way and further applies the concept to
outbound packets traversing the FORWARD chain, but the
iptables-tutorial is the original source of the idea.
- The idea of dropping NEW TCP packets that are not flagged as SYN
packets is one I found only in the iptables-tutorial. Although I
altered the manner in which it was invoked, I incorporated the general
concept into this generator.
- The style of writing and organizing iptables rules used in the
iptables-tutorial is, in my opinion, the clearest and easiest to
read of all the styles I've seen. As such, I adopted that style for use
in this generator.
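The first two ideas can be sketched as a short ruleset. This is an added example, not the script Easy Firewall Generator produces or code from the IPTables-Tutorial. The chain names, the interfaces and the sample SSH port are assumptions.

```shell
#!/bin/sh
# Added illustration, not the generator's or the tutorial's own script.
# Chain names, interfaces and the SSH port are assumptions.
# Dry run by default (rules are printed); run as root with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"
INET_IFACE="${INET_IFACE:-eth0}"   # assumed Internet-facing interface
LAN_IFACE="${LAN_IFACE:-eth1}"     # assumed internal interface

build_rules() {
    # One user-defined chain per packet type.
    for chain in bad_tcp_packets tcp_inbound tcp_outbound udp_inbound icmp_packets; do
        $IPT -N "$chain"
    done

    # A TCP packet that conntrack classifies as NEW must be a SYN.
    # Anything else (stray ACK, FIN, ...) is dropped.
    $IPT -A bad_tcp_packets -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
    $IPT -A bad_tcp_packets -p tcp -j RETURN

    # Per-type policy lives in its own chain (sample services are assumptions).
    $IPT -A tcp_inbound -p tcp --dport 22 -j ACCEPT
    $IPT -A tcp_inbound -p tcp -j DROP
    $IPT -A tcp_outbound -p tcp -j ACCEPT
    $IPT -A udp_inbound -p udp -j DROP
    $IPT -A icmp_packets -p icmp --icmp-type echo-request -j ACCEPT
    $IPT -A icmp_packets -p icmp -j DROP

    # INPUT: screen TCP first, accept known flows, then dispatch by protocol.
    $IPT -A INPUT -p tcp -j bad_tcp_packets
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$INET_IFACE" -p tcp -j tcp_inbound
    $IPT -A INPUT -i "$INET_IFACE" -p udp -j udp_inbound
    $IPT -A INPUT -i "$INET_IFACE" -p icmp -j icmp_packets

    # FORWARD: same screening, plus a chain for outbound LAN traffic.
    $IPT -A FORWARD -p tcp -j bad_tcp_packets
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IFACE" -o "$INET_IFACE" -p tcp -j tcp_outbound
}

build_rules
```

The screening chain is placed ahead of the ESTABLISHED,RELATED accept so that every TCP packet passes through it on both INPUT and FORWARD.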
If you have questions or issues with iptables that are not addressed
by this generator, the IPTables-Tutorial is the best starting
point for additional research. A link to it is maintained in the
Resources page.