mirror of https://github.com/tLDP/LDP
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">

<article>

<artheader>
<title>IPTables HOWTO</title>

<author>
<firstname>Matt</firstname>
<surname>Wright</surname>
<affiliation>
<orgname><ulink url="http://www.consultmatt.co.uk">Matt Wright Consulting</ulink></orgname>
<address>
<email>matt@consultmatt.co.uk</email>
</address>
</affiliation>
</author>

<pubdate>2001-11-21</pubdate>

<revhistory>
<revision>
<revnumber>v0.1</revnumber>
<date>2001-11-21</date>
<authorinitials>mww</authorinitials>
<revremark>
Initial writing began.
</revremark>
</revision>
</revhistory>

<abstract>
<para>
This document describes the main functions of the Netfilter Packet
filter (IPTables) included in the 2.4.x series kernels.
</para>
</abstract>

</artheader>

<sect1 id="intro">
<title>Introduction</title>
<para>
I felt the need to write this HOWTO because of what I thought was the poor
level of documentation on implementing packet filtering firewalls using the
2.4.x Netfilter packet filter. The HOWTO covers using native IPTables commands
(i.e. not using ipchains.o) to implement a packet-filter based firewall and
the various supported types of NAT.
</para>

<sect2 id="copyright">
<title>Copyright and License</title>
<para>
This document is Copyright 2001 by Matt Wright. Permission is granted
to copy, distribute and/or modify this document under the terms of
the GNU Free Documentation License, Version 1.1 or any later version
published by the Free Software Foundation; with no Invariant
Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A
copy of the license is available at
<ulink url="http://www.gnu.org/copyleft/fdl.html">http://www.gnu.org/copyleft/fdl.html</ulink>
</para>

<para>Send feedback to
<ulink url="mailto:matt@consultmatt.co.uk"><citetitle>matt@consultmatt.co.uk</citetitle></ulink>.
</para>
</sect2>

<sect2 id="author">
<title>About the author</title>
<para>My name is Matt Wright. I'm a 16-year-old student in Blackburn,
Lancashire. I'm a freelance Linux consultant. I am the proud owner of
a Duron 950MHz (all I could easily afford) with 256MB SDRAM, Voodoo 4
video card, ATI All-in-Wonder Pro video card. I also have a 266MHz Cyrix
that runs my USB ADSL connection, which, if you are reading this from
<ulink url="http://www.consultmatt.co.uk">http://www.consultmatt.co.uk</ulink>,
you will be using.</para>

<para>
You can find me at <ulink url="http://www.consultmatt.co.uk">www.consultmatt.co.uk</ulink> or at <ulink url="mailto:matt@consultmatt.co.uk">matt@consultmatt.co.uk</ulink>.
</para>
</sect2>

<sect2 id="greetz">
<title>Acknowledgements</title>
<para><emphasis>TODO: Insert greetz here</emphasis></para>
</sect2>
</sect1>

<sect1 id="whatis">
<title>What is IPTables</title>
<para>IPTables (known as Netfilter) was written by Paul Russell and the other
members of the <ulink url="http://netfilter.samba.org">Netfilter Project
Team</ulink>. It was meant as a replacement for IPChains, which was implemented
in the 2.2.x series kernels. It offers true 1:1 NAT capabilities, packet
filtering and connection tracking.</para>

<para>One major upshot of this is that, thanks to the implementation of connection
tracking, you can allow incoming connections based on whether or not they relate to
an established connection. There is still some need for helper modules for
some connection types (FTP and IRC at the moment).</para>
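<para>The following script is an added example, not part of the original HOWTO, showing how the connection-tracking behaviour just described is expressed as an INPUT policy on a 2.4.x kernel: replies and RELATED packets are accepted by conntrack state, while NEW connections are only accepted for listed services. It assumes the iptables <literal>state</literal> match is available and that the 2.4 helper modules are named ip_conntrack, ip_conntrack_ftp and ip_conntrack_irc; the allowed port list (SSH only) is a placeholder.</para>

```shell
#!/bin/sh
# Added example (not from the original HOWTO): a minimal stateful INPUT policy
# for a 2.4.x kernel that relies on connection tracking, as described above.
# Assumptions: the iptables "state" match is available and the 2.4 helper
# modules are named ip_conntrack, ip_conntrack_ftp and ip_conntrack_irc.
# DRY_RUN=1 prints the commands instead of executing them.

ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf 'iptables %s\n' "$*"; else iptables "$@"; fi
}
modp() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf 'modprobe %s\n' "$*"; else modprobe "$@"; fi
}

# FTP and IRC open secondary data connections; conntrack can only mark those
# RELATED once the matching helper module has parsed the control channel.
load_conntrack_helpers() {
    for mod in ip_conntrack ip_conntrack_ftp ip_conntrack_irc; do
        modp "$mod" || return 1
    done
}

# TCP ports that may receive NEW inbound connections (assumed: SSH only).
ALLOW_TCP_PORTS="${ALLOW_TCP_PORTS:-22}"

apply_stateful_input() {
    ipt -P INPUT DROP                       # default deny
    ipt -F INPUT
    ipt -A INPUT -i lo -j ACCEPT            # loopback is trusted
    # Replies to connections we started, plus RELATED ones (e.g. FTP data,
    # ICMP errors), are accepted by conntrack state, not by port number.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets conntrack cannot attribute to any connection are dropped early.
    ipt -A INPUT -m state --state INVALID -j DROP
    # Only the listed services may open NEW connections from outside.
    for port in $ALLOW_TCP_PORTS; do
        ipt -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
}

# Print the full ruleset for review without touching the kernel.
render_rules() {
    ( DRY_RUN=1; load_conntrack_helpers && apply_stateful_input )
}

case "${1:-}" in
    apply)   load_conntrack_helpers && apply_stateful_input ;;
    dry-run) render_rules ;;
esac
```

Run it as <literal>sh firewall.sh dry-run</literal> to review the generated commands before applying them as root.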
</sect1>
<sect1 id="req">
<title>Requirements</title>
<para>You only need a couple of things to get IPTables going. These include:</para>

<itemizedlist>
<listitem><para>A 2.4.x series kernel with the Netfilter modules compiled.
(I will deal with the Netfilter code as modules, but feel free to compile
them in and ignore the module information.)</para></listitem>
<listitem><para>The IPTables source code; get it from <ulink
url="http://netfilter.samba.org">The Netfilter Project</ulink>.
</para></listitem>
<listitem><para>This HOWTO <emphasis role="strong">does not</emphasis>
cover compiling and/or installing IPTables. Usually it is pre-installed
with a 2.4.x distro; if not, please consult the Netfilter website
for more information.</para></listitem>
</itemizedlist>

</sect1>

</article>