The guide is referring to firewall.gz, which should be located at http://www.gentoo.org/doc/en/firewall.gz Please correct or upload the file. Thanks.
Reproducible: Didn't try
Steps to Reproduce:
Please specify which line or which section. I couldn't find it.
seo: just search for it in the doc (security-howto). I know that we had this on the old site, and it probably just needs to be moved in CVS.
zhen: it is not in CVS any more. I made the firewall.gz file and I am not sure where I could put it in CVS. It is just a text file, tar gzipped.
seo: You can find it here, if not found already: http://www.gentoo.org/doc/en/gentoo-security.xml#doc_chap6
Please also consider checking this line near the end of the script (are you the editor, seo?):
---------8<-----------
#Allow client to route through via NAT (Network Address Translation)
$IPTABLES -t nat -A POSTROUTING -o $IINTERFACE -j MASQUERADE
---------8<-----------
I could be wrong since I'm not too familiar with iptables, but in my setup I have to replace $IINTERFACE by $OINTERFACE for it to work correctly. Like this:
$IPTABLES -t nat -A POSTROUTING -o $OINTERFACE -j MASQUERADE
Thanks in advance.
vince, thanks. I found where the link was broken. kn@insecurigy.dk: could you possibly revise what vince said?
Sure. It really depends on what you think is the outside and inside of your network. If $IINTERFACE is the inside of your network (In the example 10.0.0.) this is the one to MASQ. You don't want to MASQ the internet to your local network :) When I have the time I'm going to rewrite the firewall part with some automatic blocking of ISP from http://isc.incidents.org/ Anyway, hope this answers your question.
I'm looking forward to your rewriting of the firewall. Sure, it makes sense somehow, but like I said, I'm not too familiar with iptables. I thought -o is --out-interface so naturally I'd use $OINTERFACE.
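Added example (not part of the thread or of the Gentoo guide): `-o` matches the interface a packet leaves through, and MASQUERADE rewrites the source address to that interface's address, so a rule meant to let LAN clients out normally names the Internet-facing interface. The sketch below lints a firewall script for MASQUERADE rules bound to the inside interface; the variable names follow the thread, while the interface values eth0/eth1 and both sample scripts are constructed.

```shell
#!/bin/sh
# Constructed samples: eth0 is assumed to be the LAN side, eth1 the Internet side.
SAMPLE_AS_PUBLISHED='IINTERFACE=eth0
OINTERFACE=eth1
$IPTABLES -t nat -A POSTROUTING -o $IINTERFACE -j MASQUERADE'
SAMPLE_SUGGESTED='IINTERFACE=eth0
OINTERFACE=eth1
$IPTABLES -t nat -A POSTROUTING -o $OINTERFACE -j MASQUERADE'

# masq_out_ifaces: read a firewall script on stdin and print, one per line,
# the resolved -o/--out-interface value of every MASQUERADE rule.
masq_out_ifaces() {
    awk '
        /^[A-Za-z_][A-Za-z0-9_]*=/ {          # remember NAME=value assignments
            split($0, kv, "=")
            val = kv[2]; gsub(/"/, "", val); sub(/[ \t#].*$/, "", val)
            vars[kv[1]] = val
            next
        }
        /^[ \t]*#/ { next }                   # ignore commented-out rules
        /-j[ \t]+MASQUERADE/ {
            for (i = 1; i < NF; i++) {
                if ($i == "-o" || $i == "--out-interface") {
                    ifc = $(i + 1); gsub(/"/, "", ifc)
                    if (ifc ~ /^\$/) {        # expand $VAR or ${VAR}
                        name = ifc; gsub(/[${}]/, "", name)
                        if (name in vars) ifc = vars[name]
                    }
                    print ifc
                }
            }
        }
    '
}

# check_masq INSIDE_IF: return 1 (and say why) if any MASQUERADE rule on stdin
# is bound to INSIDE_IF, the LAN-side interface; return 0 otherwise.
check_masq() {
    bad=$(masq_out_ifaces | grep -Fx -- "$1" | sort -u)
    if [ -n "$bad" ]; then
        echo "MASQUERADE bound to inside interface: $bad"
        return 1
    fi
    return 0
}

printf '%s\n' "$SAMPLE_AS_PUBLISHED" | check_masq eth0 || true
printf '%s\n' "$SAMPLE_SUGGESTED" | check_masq eth0 && echo "suggested rule: ok"
```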
What is the status on this bug?
Seo doesn't seem active. I'm taking his bugs...
This has been fixed previously.