Friday, February 20, 2004

Re: iptables

Long time no see... :-)

great to hear from you hrishi. and even better on getting some good linux tips. try and post a bit more often. maybe just links of some good resources/features on linux or anything for that matter.

there is actually so much stuff i can ask you on linux. did you try kernel 2.6? i tried compiling but on restart i get major errors.

your iit festival might have been a blast. did you participate/organise?

Iptables is an excellent packet filtering tool.

i read up on the link you sent and tried one example from the iptables-HOWTO. the example was to disable ping by
# iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
but i was still able to ping myself!! any ideas?


Isn't a firewall a separate piece of software? Separate from Linux?

actually yes and no. firstly there are two parts, packet filtering and the actual rules which say what action is to be performed on specific packets. packet filtering capability has to be enabled in the kernel. networking protocols etc. are all specified in kernel options during compilation. during normal operation there is the iptables app which sits on top and performs various firewall operations based on the packets which the kernel gets. hrishi, correct me if i goofed in the above explanation.
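One thing worth checking when an appended rule like the HOWTO one quoted earlier seems to have no effect is rule order: -A puts the rule at the end of the chain, and the first matching ACCEPT/DROP/REJECT rule decides the packet. The sketch below is an added example, not part of the original post; the ruleset is constructed (the post does not show what was actually loaded), only -s/-d/-i/-p/-j are modelled, and user-defined chains are not followed.

```python
import ipaddress
import shlex

# Constructed ruleset in `iptables -S INPUT` format (not from the original post).
# The HOWTO rule was appended with -A, so it lands after the loopback ACCEPT.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p icmp -j DROP
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
SUPPORTED = {"-s", "-d", "-i", "-p", "-j"}

def parse(ruleset):
    """Return (policy, rules); each rule is a dict of option -> value."""
    policy, rules = "ACCEPT", []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if len(tok) < 3:
            continue
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            opts = tok[2:]
            if len(opts) % 2 or not set(opts[::2]) <= SUPPORTED:
                raise ValueError(f"unsupported rule: {line}")
            rules.append(dict(zip(opts[::2], opts[1::2])))
    return policy, rules

def matches(rule, pkt):
    """True if every match option in the rule agrees with the packet."""
    for opt, val in rule.items():
        if opt in ("-s", "-d"):
            addr = pkt["src" if opt == "-s" else "dst"]
            if ipaddress.ip_address(addr) not in ipaddress.ip_network(val, strict=False):
                return False
        elif opt == "-i" and pkt["iface"] != val:
            return False
        elif opt == "-p" and val != "all" and pkt["proto"] != val:
            return False
    return True

def verdict(ruleset, pkt):
    """Return (rule number, target) of the deciding rule, or (0, policy)."""
    policy, rules = parse(ruleset)
    for n, rule in enumerate(rules, start=1):
        if rule.get("-j") in TERMINAL and matches(rule, pkt):
            return n, rule["-j"]
    return 0, policy
```

On a real machine the rule order to feed in comes from `iptables -S INPUT`, and `iptables -L INPUT -n -v` shows per-rule packet counters that reveal which rule is actually matching.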
