[SATLUG] network+ training near san antonio

skolars skolars at cis.sac.accd.edu
Mon Dec 3 12:02:04 CST 2007


Bruce Dubbs wrote:
> Leif Johnson wrote:
>   
>> I did a few Skillpath / Compumaster classes. Not too bad, but kind of
>> costly. Anyone interested in teaching a full day of IPTABLES training in
>> SA in April? Boy could I use that!
>>     
>
> iptables is not that hard.  Ultimately, it comes down to doing one of
> three things with a packet: ACCEPT, REJECT, or DROP and the use of
> REJECT is rare.  The real issue is knowing what to drop and what to accept.
>
> You do also have to have a fairly good knowledge of the internet
> protocols at the link, ip, and tcp layers to match the packets you
> decide to ACCEPT or DROP.  Probably 90% of the time you only need to
> know -s, -d, and -p (source IP, destination IP, and protocol).
>
> There are other things too like masquerading/address translation or
> accounting/logging, but those issues are not that common.  Simple
> masquerading is a one liner.
>
> There are some good tutorials at
> http://www.netfilter.org/documentation/index.html#documentation-howto
>
>   -- Bruce
>   
Well said Bruce.  I would like to stress what some might have read over 
without catching the importance--"a fairly good knowledge of the 
internet protocols."  If you do not have this, there is no reason for 
you to be customizing firewall rules.  We could incorporate this into 
the Open Source Fest in March, if there is enough interest.

Steve
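
The packet-matching model described in the quoted message, as an added Python example that is not part of the original thread. It is a simplified model of first-match evaluation on `-s`, `-d` and `-p` only, not iptables itself; `Rule`, `evaluate`, `sender_sees`, the `INPUT` chain and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    target: str                 # ACCEPT, DROP or REJECT
    src: str = "0.0.0.0/0"      # models -s (source IP or network)
    dst: str = "0.0.0.0/0"      # models -d (destination IP or network)
    proto: str = "all"          # models -p (tcp, udp, icmp or all)

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in ("all", pkt["proto"]))

def evaluate(chain, pkt, policy="DROP"):
    """First matching rule decides; if none matches, the chain policy applies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

def sender_sees(verdict):
    """What the sending host observes for each verdict."""
    return {"ACCEPT": "delivered",
            "DROP": "nothing (waits for timeout)",
            "REJECT": "ICMP port-unreachable"}[verdict]  # iptables' default REJECT reply

# Constructed chain; order matters because evaluation stops at the first match.
INPUT = [
    Rule("ACCEPT", src="192.0.2.0/24", dst="192.0.2.10", proto="tcp"),
    Rule("REJECT", src="192.0.2.0/24", proto="udp"),
    Rule("DROP", src="198.51.100.7"),
    Rule("ACCEPT", proto="icmp"),
]

if __name__ == "__main__":
    packets = [  # constructed sample packets
        {"src": "192.0.2.55", "dst": "192.0.2.10", "proto": "tcp"},
        {"src": "192.0.2.55", "dst": "192.0.2.10", "proto": "udp"},
        {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "icmp"},
        {"src": "203.0.113.5", "dst": "192.0.2.10", "proto": "tcp"},
    ]
    for pkt in packets:
        verdict = evaluate(INPUT, pkt)
        print(pkt, "->", verdict, "/", sender_sees(verdict))
```

Reversing the chain lets ICMP from 198.51.100.7 through, because the broad ACCEPT then matches before the host-specific DROP is reached.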
