[SATLUG] network+ training near san antonio

skolars skolars at cis.sac.accd.edu
Mon Dec 3 12:20:11 CST 2007


skolars wrote:
> Bruce Dubbs wrote:
>> Leif Johnson wrote:
>>  
>>> I did a few Skillpath / Compumaster classes. Not too bad, but kind of
>>> costly. Anyone interested in teaching a full day of IPTABLES training
>>> in SA in April? Boy could I use that!
>>>     
>>
>> iptables is not that hard.  Ultimately, it comes down to doing one of
>> three things with a packet: ACCEPT, REJECT, or DROP and the use of
>> REJECT is rare.  The real issue is knowing what to drop and what to
>> accept.
>>
>> You do also have to have a fairly good knowledge of the internet
>> protocols at the link, ip, and tcp layers to match the packets you
>> decide to ACCEPT or DROP.  Probably 90% of the time you only need to
>> know -s, -d, and -p (source IP, destination IP, and protocol).
>>
>> There are other things too like masquerading/address translation or
>> accounting/logging, but those issues are not that common.  Simple
>> masquerading is a one liner.
>>
>> There are some good tutorials at
>> http://www.netfilter.org/documentation/index.html#documentation-howto
>>
>>   -- Bruce
>>   
> Well said Bruce.  I would like to stress what some might have read
> over without catching the importance--"a fairly good knowledge of the
> internet protocols."  If you do not have this, there is no reason for
> you to be customizing firewall rules.  We could incorporate this into
> the Open Source Fest in March, if there is enough interest.
>
> Steve
>
Oops, I forgot...there already is a firewall session scheduled for
Friday evening on just this subject.  For those that need a refresher on
protocols, there will be a session on that Wednesday evening.

Steve
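
The points in Bruce's quoted message (three targets, matching on -s, -d and -p, logging, one-line masquerading) put together as a small default-deny ruleset. This is an added example, not part of the original thread; the addresses are constructed documentation-range values and the interface names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed (RFC 5737
# documentation ranges) and interface names are assumed; adjust before use.
# Dry run by default: prints each command. APPLY=1 as root loads the rules.

ADMIN_NET="192.0.2.0/24"    # constructed: hosts allowed to reach SSH
SERVER_IP="198.51.100.10"   # constructed: this firewall's public address
WAN_IF="eth0"               # assumed Internet-facing interface
LAN_IF="eth1"               # assumed internal interface

ipt() {
    if [ "${APPLY:-0}" = "1" ]; then iptables "$@"; else echo "iptables $*"; fi
}

firewall_rules() {
    # Deciding what to drop: default-deny inbound and forwarded traffic.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Deciding what to accept: loopback and replies to our own connections.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # The common case: match on -p, -s and -d (plus a TCP port).
    ipt -A INPUT -p tcp -s "$ADMIN_NET" -d "$SERVER_IP" --dport 22 -j ACCEPT
    ipt -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

    # The rare REJECT: answer ident probes with a reset so the remote
    # server fails fast instead of waiting for a timeout.
    ipt -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset

    # Logging: rate-limited record of what falls through, then DROP.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop:"
    ipt -A INPUT -j DROP

    # Forward LAN traffic out and let replies back in.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Simple masquerading really is one line (IP forwarding must also be
    # enabled: net.ipv4.ip_forward=1).
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

firewall_rules
```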


