Linux IPCHAINS-HOWTO

Paul Russell, ipchains@rustcorp.com

1. Introduction

• 1.1 What?
• 1.2 Why?
• 1.3 How?
• 1.4 Where?

2. Packet Filtering Basics

• 2.1 What?
• 2.2 Why?
• 2.3 How?

3. I'm confused! Routing, masquerading, portforwarding, ipautofw...

• 3.1 Rusty's Three-Line Guide To Masquerading
• 3.2 Gratuitous Promotion: WatchGuard Rules
• 3.3 Common Firewall-like Setups
• 3.4 More Information on Masquerading

4. IP Firewalling Chains

• 4.1 How Packets Traverse The Filters
• 4.2 Useful Examples

5. Miscellaneous.

• 5.1 How to Organize Your Firewall Rules
• 5.2 What Not To Filter Out
• 5.3 Filtering out Ping of Death
• 5.4 Filtering out Teardrop and Bonk
• 5.5 Filtering out Fragment Bombs
• 5.6 Changing Firewall Rules
• 5.7 How Do I Set Up IP Spoof Protection?
• 5.8 Advanced Projects
• 5.9 Future Enhancements

6. Common Problems

• 6.1 ipchains -L Freezes!
• 6.2 Masquerading/Forwarding Doesn't Work!
• 6.3 -j REDIR doesn't work!
• 6.4 Wildcard Interfaces Don't Work!
• 6.5 TOS Doesn't Work!
• 6.6 ipautofw and ipportfw Don't Work!
• 6.7 xosview is Broken!
• 6.8 Segmentation Fault With `-j REDIRECT'!
• 6.9 I Can't Set Masquerading Timeouts!
• 6.10 I Want to Firewall IPX!

7. A Serious Example.

• 7.1 The Arrangement
• 7.2 Goals
• 7.3 Before Packet Filtering
• 7.4 Packet Filtering for Through Packets
• 7.5 Finally

8. Appendix: Differences between ipchains and ipfwadm.

• 8.1 Quick-Reference table.
• 8.2 Examples of translated ipfwadm commands

9. Appendix: Using the ipfwadm-wrapper script.

10. Appendix: Thanks.