Firewalling 90% complete & tested, questions about writing tone

Jim Gifford lfs at jg555.com
Wed Apr 28 20:40:17 PDT 2004


There is a iptables patch called condition, that will allow you to set
variables into /proc. Let me go into a little more detail, since this is one
of my favorite topics.

The condition patch allows you to create a entry in proc.
    1st you have to setup the rule using - iptables -A INPUT -p tcp -m
condition --condition web_ok --dport 80 -j ACCEPT
    2nd then in your sysv script to load the webserver, you would add the
following line to the startup script
        echo 1 > /proc/net/ipt_condition/web_ok
    To stop it, just change 1 to 0

The only catch to this is that you have to use patch-o-matic to apply the
patch.




More information about the hlfs-dev mailing list