[SATLUG] network+ training near san antonio
skolars
skolars at cis.sac.accd.edu
Mon Dec 3 12:20:11 CST 2007
skolars wrote:
> Bruce Dubbs wrote:
>> Leif Johnson wrote:
>>
>>> I did a few Skillpath / Compumaster classes. Not too bad, but kind of
>>> costly. Anyone interested in teaching a full day of IPTABLES training in
>>> SA in April? Boy could I use that!
>>>
>>
>> iptables is not that hard. Ultimately, it comes down to doing one of
>> three things with a packet: ACCEPT, REJECT, or DROP and the use of
>> REJECT is rare. The real issue is knowing what to drop and what to
>> accept.
>>
>> You do also have to have a fairly good knowledge of the internet
>> protocols at the link, ip, and tcp layers to match the packets you
>> decide to ACCEPT or DROP. Probably 90% of the time you only need to
>> know -s, -d, and -p (source IP, destination IP, and protocol).
>>
>> There are other things too like masquerading/address translation or
>> accounting/logging, but those issues are not that common. Simple
>> masquerading is a one liner.
>>
>> There are some good tutorials at
>> http://www.netfilter.org/documentation/index.html#documentation-howto
>>
>> -- Bruce
>>
> Well said Bruce. I would like to stress what some might have read
> over without catching the importance--"a fairly good knowledge of the
> internet protocols." If you do not have this, there is no reason for
> you to be customizing firewall rules. We could incorporate this into
> the Open Source Fest in March, if there is enough interest.
>
> Steve
>
Oops, I forgot...there already is a firewall session scheduled for
Friday evening on just this subject. For those that need a refresher on
protocols, there will be a session on that Wednesday evening.
Steve
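
Added example, not part of the original thread or written by any of its participants: a small default-drop ruleset built from the pieces Bruce lists (ACCEPT, DROP, the occasional REJECT, matching with -s, -d and -p, and the masquerading one-liner). The addresses, the interface name and the `ipt`/`build_rules` helper names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; addresses and interface names are constructed placeholders.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 applies them (needs root).
DRY_RUN="${DRY_RUN:-1}"
LAN_NET="192.168.1.0/24"    # assumed internal network
ADMIN_HOST="192.168.1.10"   # assumed admin workstation
FW_ADDR="192.168.1.1"       # assumed firewall LAN address
WAN_IF="eth0"               # assumed Internet-facing interface

ipt() {
    if [ "$DRY_RUN" = "1" ]; then echo "iptables $*"; else iptables "$@"; fi
}

build_rules() {
    # Start clean, then default-drop: anything not accepted below is dropped.
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback, and replies to connections this host opened.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # -s, -d and -p together: SSH only from the admin host to the firewall.
    ipt -A INPUT -s "$ADMIN_HOST" -d "$FW_ADDR" -p tcp --dport 22 -j ACCEPT
    # -s and -p: ICMP (ping, errors) from the LAN only.
    ipt -A INPUT -s "$LAN_NET" -p icmp -j ACCEPT

    # The rare REJECT: answer ident (113/tcp) with a reset so remote
    # servers that probe it fail fast instead of waiting on a silent DROP.
    ipt -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset

    # Forward LAN traffic out and let replies back in
    # (also requires net.ipv4.ip_forward=1).
    ipt -A FORWARD -s "$LAN_NET" -o "$WAN_IF" -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Simple masquerading, the one-liner.
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

build_rules
```

On a remote host, loading the equivalent rules in one step with iptables-restore avoids the window between setting the DROP policy and adding the ACCEPT rules.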