[SATLUG] network+ training near san antonio
skolars at cis.sac.accd.edu
Mon Dec 3 12:02:04 CST 2007
Bruce Dubbs wrote:
> Leif Johnson wrote:
>> I did a few Skillpath / Compumaster classes. Not too bad, but kind of
>> costly. Anyone interested in teaching a full day of IPTABLES training in
>> SA in April? Boy could I use that!
> iptables is not that hard. Ultimately, it comes down to doing one of
> three things with a packet: ACCEPT, REJECT, or DROP and the use of
> REJECT is rare. The real issue is knowing what to drop and what to accept.
> You do also have to have a fairly good knowledge of the internet
> protocols at the link, ip, and tcp layers to match the packets you
> decide to ACCEPT or DROP. Probably 90% of the time you only need to
> know -s, -d, and -p (source IP, destination IP, and protocol).
> There are other things too like masquerading/address translation or
> accounting/logging, but those issues are not that common. Simple
> masquerading is a one liner.
> There are some good tutorials at
> -- Bruce
Well said Bruce. I would like to stress what some might have read over
without catching the importance--"a fairly good knowledge of the
internet protocols." If you do not have this, there is no reason for
you to be customizing firewall rules. We could incorporate this into
the Open Source Fest in March, if there is enough interest.
More information about the SATLUG