Talk:Iptables
firewall management
Webmin has a web-based GUI to easily generate rules. fwbuilder is also an easy way to generate rules...
http://www.iptables.info/en/iptables-gui.html
666threesixes666 (talk) 20:23, 4 November 2013 (UTC)
- Nothing to action here. Closing discussion. --Maffblaster (talk) 17:35, 21 February 2017 (UTC)
hierarchy
IPv6 second kernel box's hierarchy is messed up & I doubt it's a functioning config. 666threesixes666 (talk) 05:32, 22 March 2014 (UTC)
- Did you mean the client or the router section? As for client, it's working with kernel 3.18 --Charles17 (talk) 12:25, 24 April 2015 (UTC)
Logging
The following rules added to the end of my firewall.sh script were invaluable. I forget where I picked this scripting up from, likely Arch IPTables site, or one of the ask superuser sites. I don't think this required any additional modules, except the usual minimal Shorewall kernel modules for using IPTables. --Roger (talk) 04:28, 30 August 2016 (UTC)
# LOGGING
# Create a new chain called LOGGING.
iptables -N LOGGING
# Make sure all the remaining incoming connections jump to the LOGGING chain as shown below.
iptables -A INPUT -j LOGGING
# Next, log these packets by specifying a custom "log-prefix".
# FIXME: Requires additional NETFILTER_XT_MATCH_LIMIT kernel module
#iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
# FIXME: Without using NETFILTER_XT_MATCH_LIMIT, use the following rule instead:
iptables -A LOGGING -j LOG --log-prefix "IPTables PACKET DROPPED: " --log-level 7
# Finally, drop these packets too.
iptables -A LOGGING -j DROP
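
Added example, not part of the comment above or of the wiki article: one way to read back what the LOGGING chain records, by counting dropped packets per source, protocol and destination port. It assumes the kernel's usual LOG line layout (SRC=, PROTO=, DPT= fields) and the prefix of the uncommented LOG rule; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise packets logged by the LOGGING chain.
# PREFIX must match the --log-prefix of the active (uncommented) LOG rule.
PREFIX='IPTables PACKET DROPPED: '

# Constructed sample syslog lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
Aug 30 04:30:01 gw kernel: IPTables PACKET DROPPED: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 30 04:30:04 gw kernel: IPTables PACKET DROPPED: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4412 DF PROTO=TCP SPT=51236 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 30 04:31:10 gw kernel: IPTables PACKET DROPPED: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=901 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Aug 30 04:31:12 gw sshd[812]: Accepted publickey for admin from 192.0.2.20 port 50022 ssh2
Aug 30 04:32:40 gw kernel: IPTables PACKET DROPPED: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=88 TOS=0x00 PREC=0x00 TTL=49 ID=77 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.0.2.10 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=40000 DPT=53 LEN=40 ]
EOF
}

# Read syslog lines on stdin; print "count src proto dpt", busiest first.
# Lines that do not carry PREFIX are ignored.
summarise_drops() {
    awk -v prefix="$PREFIX" '
    index($0, prefix) {
        src = ""; proto = ""; dpt = "-"      # "-" when the protocol has no port
        rest = substr($0, index($0, prefix) + length(prefix))
        n = split(rest, f, " ")
        for (i = 1; i <= n; i++) {
            # ICMP errors quote the offending packet in [...]; ignore that part.
            if (f[i] ~ /^\[/) break
            if (f[i] ~ /^SRC=/)   src   = substr(f[i], 5)
            if (f[i] ~ /^PROTO=/) proto = substr(f[i], 7)
            if (f[i] ~ /^DPT=/)   dpt   = substr(f[i], 5)
        }
        if (src != "") count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

sample_log | summarise_drops
```

On a live system, feed it the kernel log instead of `sample_log`, for example `dmesg | summarise_drops`.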