[SATLUG] network+ training near san antonio
Bruce Dubbs
bruce.dubbs at gmail.com
Mon Dec 3 11:38:42 CST 2007
Leif Johnson wrote:
>
> I did a few Skillpath / Compumaster classes. Not too bad, but kind of
> costly. Anyone interested in teaching a full day of IPTABLES training in
> SA in April? Boy could I use that!
iptables is not that hard. Ultimately, it comes down to doing one of
three things with a packet: ACCEPT, REJECT, or DROP and the use of
REJECT is rare. The real issue is knowing what to drop and what to accept.
You do also have to have a fairly good knowledge of the internet
protocols at the link, ip, and tcp layers to match the packets you
decide to ACCEPT or DROP. Probably 90% of the time you only need to
know -s, -d, and -p (source IP, destination IP, and protocol).
There are other things too like masquerading/address translation or
accounting/logging, but those issues are not that common. Simple
masquerading is a one liner.
There are some good tutorials at
http://www.netfilter.org/documentation/index.html#documentation-howto
-- Bruce
More information about the SATLUG
mailing list