Dhcpcd and iptables problems (BLFS 6.1)

Ken Moffat ken at linuxfromscratch.org
Wed Feb 7 16:17:23 PST 2007


On Wed, Feb 07, 2007 at 06:35:52PM -0500, Darcy Roberts wrote:
> I've solved the running twice issues, thanks.
> 
> I'm kinda dense about the kernel support. I think I've turned on the correct
> options, but there quite a few sub-options. Iptables still complains loudly.
> I'm reluctant to turn everything on.
> 
> Which items/subitems in
> 
> Networking ⇒ Networking Options ⇒ Network Packet Filtering ⇒ Core
> Netfilter Configuration (and) IP: Netfilter Configuration
> 
> Are actually required to be ON ?
> 

 None of them.  I don't use iptables on any of my desktops ;)  You
see, that is the wrong question: any function in *your* iptables
*rules* needs to have the applicable code selected.

 For my own (limited) rules on my firewall I have iptables all as
modules, and I modprobe filter, nat, nat_ftp, MASQUERADE, conntrack,
state, LOG, conntrack_ftp, REJECT.  That box is still running a 2.4
kernel, possibly the module names have changed in 2.6.  Certainly, I
don't take advantage of recent additions to netfilter, and I'm not
advertising public services.  I can get out for http and ftp, from
any of my machines behind the firewall.  I don't do VOIP or torrent,
maybe those need other options.

 I think you need to work out what you expect the rules to do (let
you out, obviously, but are any other machines using this box as a
gateway, and what sort of restrictions do you want to apply to
incoming).  In my case, unrelated incoming traffic is mostly logged
and dropped; it's probably only when you need to throttle incoming
connections that you need more.  Read the help for each of the
options, decide what you are going to use, write the rules, then
test it to see if it works.


> Regards,
> Darcy Roberts
> 
 And [ pause for theme-music ] Please don't top-post.  Thank you.

ĸen
-- 
das eine Mal als Tragödie, das andere Mal als Farce [once as tragedy, the other time as farce]

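The reply above says the right question is "which matches and targets do my rules use", and lists the modules Ken loads on his 2.4 gateway. The script below is an added example, not code from the thread or from BLFS: it writes out a gateway rule set of the kind he describes (masquerade the LAN, let it out for http and ftp, accept established/related traffic, log and drop the rest), then walks those rules to derive which 2.6 netfilter modules they pull in and compares that list with what the kernel has loaded. The interface names (eth0, eth1), the LAN subnet (192.168.1.0/24), and the module and Kconfig names in `module_for` are assumptions taken from the 2.6 nf_conntrack naming; check them against your own kernel's help text before relying on them.

```shell
#!/bin/sh
# Added example, not code from the original thread.  Emits a small gateway
# rule set, derives the netfilter modules it needs, and reports which of
# those are not loaded.  WAN/LAN/LAN_NET and the module map are assumptions.

WAN=${WAN:-eth0}                     # assumed upstream interface
LAN=${LAN:-eth1}                     # assumed LAN-side interface
LAN_NET=${LAN_NET:-192.168.1.0/24}   # assumed LAN subnet

# Print the rule set, one command per line.  Nothing is applied here: run the
# script as root with "apply" as its argument to execute the commands.  The
# ftp helpers are not referenced by any rule, so they are listed as modprobes.
rules() {
    cat <<EOF
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -i $LAN -s $LAN_NET -j ACCEPT
iptables -t filter -A INPUT -m limit --limit 5/min -j LOG --log-prefix "in-drop: "
iptables -t filter -A INPUT -j DROP
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -i $LAN -s $LAN_NET -o $WAN -p tcp --dport 80 -j ACCEPT
iptables -t filter -A FORWARD -i $LAN -s $LAN_NET -o $WAN -p tcp --dport 21 -j ACCEPT
iptables -t filter -A FORWARD -i $LAN -o $WAN -p tcp --dport 113 -j REJECT --reject-with tcp-reset
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE
EOF
}

# Map one feature a rule uses to the module(s) implementing it.  Assumed 2.6
# nf_conntrack-era names; the Kconfig option that builds each is in the comment.
module_for() {
    case $1 in
        table:filter)        echo iptable_filter ;;                               # CONFIG_IP_NF_FILTER
        table:nat)           echo iptable_nat nf_nat nf_conntrack nf_conntrack_ipv4 ;; # CONFIG_NF_NAT, CONFIG_NF_CONNTRACK_IPV4
        match:state)         echo xt_state nf_conntrack nf_conntrack_ipv4 ;;      # CONFIG_NETFILTER_XT_MATCH_STATE
        match:limit)         echo xt_limit ;;                                     # CONFIG_NETFILTER_XT_MATCH_LIMIT
        proto:tcp|proto:udp) echo xt_tcpudp ;;                                    # built with CONFIG_NETFILTER_XTABLES
        target:LOG)          echo ipt_LOG ;;                                      # CONFIG_IP_NF_TARGET_LOG
        target:REJECT)       echo ipt_REJECT ;;                                   # CONFIG_IP_NF_TARGET_REJECT
        target:MASQUERADE)   echo ipt_MASQUERADE nf_nat ;;                        # CONFIG_IP_NF_TARGET_MASQUERADE
        target:ACCEPT|target:DROP|target:RETURN) ;;                               # core verdicts, no module
        *)                   echo "UNKNOWN:$1" ;;                                 # anything unmapped is flagged
    esac
}

# Walk the rule set and print the sorted, de-duplicated list of modules it needs:
# every -t table, -m match, -p protocol and -j target is looked up in module_for.
required_modules() {
    rules | while read -r cmd; do
        set -- $cmd
        case $1 in
            modprobe) echo "$2"; continue ;;
            iptables) ;;
            *) continue ;;
        esac
        shift
        while [ $# -gt 0 ]; do
            case $1 in
                -t) module_for "table:$2"; shift ;;
                -m) module_for "match:$2"; shift ;;
                -p) module_for "proto:$2"; shift ;;
                -j) module_for "target:$2"; shift ;;
            esac
            shift
        done
    done | tr ' ' '\n' | sort -u
}

# Print the required modules that are absent from /proc/modules (or from a
# saved snapshot given as $1).  Returns 1 if anything is missing.  A module
# built into the kernel (=y) never appears in /proc/modules, so check the
# kernel .config as well before concluding that support is really absent.
missing_modules() {
    loaded=${1:-/proc/modules}
    status=0
    for m in $(required_modules); do
        if ! awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' "$loaded"; then
            echo "$m"
            status=1
        fi
    done
    return $status
}

case ${1:-} in
    apply) rules | sh -e ;;        # run the commands (needs root)
    check) missing_modules ;;      # report modules the rule set needs but are not loaded
    *)     rules ;;                # default: just show the rule set
esac
```

Every `-m` match or `-j` target you add to `rules` is one more kernel option to turn on; when one is missing, iptables fails with "No chain/target/match by that name", which is the loud complaint Darcy saw. Adding the rule first and reading that error is a quick way to find the option you forgot.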