Warning to 'echo', 'discard' and 'daytime' services too since as per the 'chargen' they can otherwise be used for some nasty denial-of-service attacks.
This is a frequently encountered problem, stemming either from lazyness or inexperience.
Do we need a standard ruleset, and documentation to use it, and have this in the wiki? iptables or iproute2? Does anyone HAVE a working iproute2 setup?
This stuff can be a pain I know - a bit like mowing your lawns, but if you don't do it, eventually you'll be sorry.
Do we need a standard ruleset, and documentation to use it, and have this in the wiki? iptables or iproute2? Does anyone HAVE a working iproute2 setup?
There are tons of example iptables examples out there though I always recommend people to review and tailor the ruleset for their own needs. One such non-AMPR example is the IP Masquerade HOWTO example:
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.htm...
The above example is distribution agnostic so it should work on your preferred flavor but there can be benefits of adapting it to either your distribution's native firewall syntax or to some higher level tool that incorporates features like QoS, etc (shorewall, etc). I'm willing to take a stab at putting a baseline config into the Wiki but give me a bit to troll through the archives, review various people's submitted configs, etc. and hopefully come up a config that will work for most base deployments.
--David KI6ZHD