On Mon, 2002-03-18 at 22:22, Craig White wrote:
> > Yeah I wasn't expecting the order of options to matter either but it
> > seems that -d has to happen before -p in iptables (I'm pretty sure it
> > didn't matter in ipchains). Oh well, I'm going to see if I can figure it
> > all out tonight; if not, it's going to have to wait for a while.
> >
> ---
> I think order has definitely mattered in ipchains too...if you don't
> think so, put your reject rules before your accept rules...
>

No, I didn't mean the "rules" but the options on the rules, so that

    ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -y \
        -d $WEB_PORT -j DENY -l

was the same as

    ipchains -A input -i $EXTERNAL_INTERFACE -d $WEB_PORT \
        -p tcp -y -j DENY -l

(I think). iptables seems to care a lot more about such things.

> here are a couple of links to some firewall scripts with iptables that
> may be what you're looking for...
>
> try
> http://www.e-infomax.com/ipmasq/
>
> or
> http://www.ecst.csuchico.edu/~dranch/LINUX/ipmasq/c-html/stronger-firewall-examples.html#RC.FIREWALL-2.4.X-STRONGER
>
> or
> http://heimdall.asgardsrealm.net/linux/firewall/
>

Thanks, I'll check them out now.

Carl P.