PHP Developers Network

_________________
There are 10 types of people in this world, those who understand binary and those who don't

_________________
There are 10 types of people in this world, those who understand binary and those who don't

iptables confuses the crap out of me. I use firehol and find it very good.

I love iptables

In fact, firehol is just a wrapper around iptables - it would be easy for you to write firewalls in plain iptables rules.
And I did stress on the adaptiveness of the firewall - that's the important one

_________________
There are 10 types of people in this world, those who understand binary and those who don't

Is this for a production server?

My development server sits behind a NAT router so I don't really concern myself about outside attacks, only internal screw ups on my behalf.

I'm wondering though if my dedicated server could use this...if it doesn't already have a firewall -- I think it might though.

_________________
There are 10 types of people in this world, those who understand binary and those who don't

I'm not even remotely familiar with IP tables...everything above is just gibberish for the most part...your firewall certianly doesn' t have the easy feeling interface of ZoneAlarm, does it?

I'll re-read your explanation and then go over some articles and see if I can't understand it better and how everything fits togather.

p.s-I do use port forwarding but only for a few minutes a day to let people test my application then I close the ports.

_________________
There are 10 types of people in this world, those who understand binary and those who don't

Or drop the mouse all togather and have an iris tracking device move the cursor to wherever my eyes are and blinking should click...instead of typing the deivce should just pick up brain signals and over time build an entire vocabularly of words I frequently use and automatically inject them based on heuristics and a artificial intelligence algorithm that keeps getting smarter.

Honestly I would love to get rid of the mouse...it slows me down so much in my daily bump and grind...mastering accelerator keys is nice but way to verbose. I've wondered if any kinf o iris tracker exists which I could install on the top of my monitor and move the cursor with my eyes. That would be sweet. If I ever went into computer science for my masters, that would be my thesis.

Hi VladSun

This is a really neat script - thanks - exactly what I have been after.

However, i dont appear to have ipset available on my machine - is there a way of running without it - it seems to be just making sure that kernel records of currently active ip's in memory are flushed, renamed, etc as part of the firewall - what would be the impact if i just comment out all references to ipset in your script and use the iptables parts only?

(i think to install ipset i would neet to rebuild my kernel, which i would rather avoid at this point in time - i have enough problems to contend with at present without compounding them).

If you are still around, or if anyone else has an idea, your help wuold be very much appreciated.

cheers

Another 'thank you' for this posting, and for the detailed explanation.

_________________
There are 10 types of people in this world, those who understand binary and those who don't

_________________
There are 10 types of people in this world, those who understand binary and those who don't