Linux IPCHAINS-HOWTO
Paul Russell
Paul.Russell@rustcorp.com.au
v0.8, 31 July 1998
This document aims to describe how to obtain, install and configure the enhanced IP firewalling chains software for Linux, and some ideas on how you might use them.
1.
Introduction
1.1 What?
1.2 Why?
1.3 How?
1.4 Where?
2.
Packet filtering basics.
2.1 What?
2.2 Why?
2.3 How?
3.
IP firewalling chains.
3.1 How packets traverse the filters.
3.2 Useful Examples
4.
Miscellaneous.
4.1 How to organise your firewall rules.
4.2 What
not
to filter out.
4.3 Filtering out Ping of Death.
4.4 Filtering out Teardrop and Bonk.
4.5 Filtering out Fragment Bombs.
4.6 Changing firewall rules.
4.7 How do I set up IP spoof protection?
4.8 Advanced projects.
4.9 Future enhancements.
5.
Common problems.
5.1 Masquerading/forwarding doesn't work!
5.2 Wildcard interfaces don't work!
5.3 TOS doesn't work!
5.4
ipautofw
and
ipportfw
don't work!
5.5 xosview is broken!
5.6 Segmentation fault with
-j REDIRECT
!
5.7 I can't set masquerading timeouts!
5.8 I want to firewall IPX!
6.
Appendix: Differences between
ipchains
and
ipfwadm
6.1 Quick-Reference table.
6.2 Examples of translated ipfwadm commands
7.
Appendix: Using the
ipfwadm-wrapper
script.
8.
Appendix: thanks.