Bug 64139 - iptables example ruleset
Summary: iptables example ruleset
Status: RESOLVED WONTFIX
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All / All
Importance: High enhancement
Assignee: Gentoo's Team for Core System packages
Reported: 2004-09-15 07:45 UTC by Elros Cyriatan
Modified: 2006-07-30 21:39 UTC


Attachments
- Proposed example ruleset (rules-save, 1.56 KB, text/plain), 2004-09-15 07:45 UTC, Elros Cyriatan
- Better documented version (rules-save.example, 3.86 KB, text/plain), 2004-09-28 16:07 UTC, Elros Cyriatan

Description Elros Cyriatan 2004-09-15 07:45:06 UTC
The current iptables package doesn't contain an example ruleset for /var/lib/iptables/rules-save. I'd suggest adding such an example. Attached is a proposed example (it's a fairly secure ruleset that should work for most machines); I'd like to know what you think about it.
Comment 1 Elros Cyriatan 2004-09-15 07:45:41 UTC
Created attachment 39645: Proposed example ruleset
Comment 2 Elros Cyriatan 2004-09-28 16:07:39 UTC
Created attachment 40667: Better documented version.
Comment 3 SpanKY gentoo-dev 2005-07-11 19:37:35 UTC
How portable is this across versions? I don't really want to keep updating this thing every time a new version comes out.
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-07-11 20:24:18 UTC
Most of that is pretty stock and portable, with the exception of the last lines that use -m stealth, which is only in hardened-sources (and in the iptables upstream patch-o-matic).
Comment 5 SpanKY gentoo-dev 2005-07-11 20:30:36 UTC
Is there any real point in documenting all of it considering iptables save/restore will just overwrite it? :)
Comment 6 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2006-03-26 19:41:56 UTC
spanky: do we still need this bug?

The one other problem with this rule-set in re-reviewing it, is if you forgot to start a service and try to connect to it, you get added to the banned hosts, and then after you do start the service, you have to wait to get out of the banned hosts list.

I suggest close with WONTFIX.
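The attachment itself is not reproduced on this page, so the following is an added example rather than the reporter's ruleset: a rules-save style ruleset that implements the banned-hosts idea with the stock `recent` match instead of the hardened-sources-only `-m stealth`, and that avoids the self-lockout described in comment 6 by exempting a trusted admin address and giving the operator a way to flush the list instead of waiting. The admin address 192.0.2.10, the list name `banned`, the 600 s ban and the allowed ports are assumptions chosen for the example.

```sh
#!/bin/sh
# Emits an iptables-save format ruleset on stdout (hypothetical example, not
# the attachment from bug 64139). Apply with:  sh ruleset.sh | iptables-restore
# Assumed: trusted admin host 192.0.2.10 (documentation address), ssh and http
# offered publicly, everything else closed.
emit_ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:BANCHECK - [0:0]
# Loopback and replies to our own connections are never subject to banning.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The trusted admin host reaches ssh even if it is on the banned list, so a
# mistyped port from the admin box cannot lock the admin out (comment 6).
-A INPUT -s 192.0.2.10 -p tcp --dport 22 -j ACCEPT
# Hosts on the "banned" list are dropped until 600 s after their last packet;
# --update refreshes the timer on every hit, --rcheck alone would not.
-A INPUT -m recent --name banned --update --seconds 600 -j DROP
# Publicly offered services.
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
# Any other new TCP connection attempt is a probe of a closed port.
-A INPUT -p tcp --syn -j BANCHECK
# Drop the stray packet from the admin host without adding it to the list.
-A BANCHECK -s 192.0.2.10 -j DROP
-A BANCHECK -m recent --name banned --set -j LOG --log-prefix "BANNED: "
-A BANCHECK -j DROP
COMMIT
EOF
}

# Operator escape hatch for the "forgot to start the service" case: clear the
# list instead of waiting out the timer. Needs root; on kernels older than
# 2.6.28 the file is /proc/net/ipt_recent/banned and the command is "clear".
flush_banned() {
  echo / > /proc/net/xt_recent/banned
}

# Remove a single address from the list without flushing everyone else.
unban_host() {
  echo "-$1" > /proc/net/xt_recent/banned
}
```

Because rules-save is consumed by iptables-restore, lines starting with `#` are ignored, so the comments survive a hand-maintained file but, as noted in comment 5, not a round trip through `iptables-save`.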
Comment 7 SpanKY gentoo-dev 2006-07-30 21:39:25 UTC
just doesn't really work