Differences between version 21 and previous revision of PerrysFirewallingScript.
Newer page: | version 21 | Last edited on Tuesday, April 4, 2006 2:44:56 pm | by JamieCurtis |
Older page: | version 19 | Last edited on Tuesday, April 4, 2006 2:29:41 pm | by JamieCurtis |
@@ -23,17 +23,18 @@
make install
</verbatim>
This will put things in the following places. By default the configuration lives in <tt>/usr/local/etc/linuxserver-firewall</tt>, the executable in <tt>/usr/local/sbin</tt> and rulsets live in <tt>/usr/local/share/linuxserver-firewall/ruleset.d</tt>
+----
!!!How it works
-The main engine is a script called "firewall". When you run it it sets up some chains, and runs each script in "hosts.d/*", then each script in "interfaces.d/*.if". The "ruleset.d/*" directory is used for customised rulesets, the standard scripts come with a whole heap. Theres also a support directory, but this is for internal use and shouldn't be needed.
+The main engine is a script called "<tt>
firewall</tt>
". When you run it it sets up some chains, and runs each script in "<tt>
hosts.d/*</tt>
", then each script in "<tt>
interfaces.d/*.if</tt>
". The "<tt>
ruleset.d/*</tt>
" directory is used for customised rulesets, the standard scripts come with a whole heap. Theres also a support directory, but this is for internal use and shouldn't be needed.
-!!The hosts.d directory
-This is like the interfaces.d directory, except it's not limited per interface. This is useful if you wish to provide rules for all packets on all interfaces (eg: TypeOfService munging) or if you want to have rules that effect a host no matter which interface packets arrive/leave by. This directory doesn't get used much, but the support is there should you want it :)
+!!The <tt>
hosts.d</tt>
directory
+This is like the <tt>
interfaces.d</tt>
directory, except it's not limited per interface. This is useful if you wish to provide rules for all packets on all interfaces (eg: TypeOfService munging) or if you want to have rules that effect a host no matter which interface packets arrive/leave by. This directory doesn't get used much, but the support is there should you want it :)
-!!The interfaces.d directory
-This has one file per interface, the file is named after the interface with ".if" appended to it, for instance "eth0.if". Each file specifies the rules for that interface. ${if} is an environmental variable which holds the current interface name. Several chains exist for each interface:
+!!The <tt>
interfaces.d</tt>
directory
+This has one file per interface, the file is named after the interface with "<tt>
.if</tt>
" appended to it, for instance "<tt>
eth0.if</tt>
". Each file specifies the rules for that interface. ${if} is an environmental variable which holds the current interface name. Several chains exist for each interface:
;${if}-in: Used by all packets entering by this interface for this host only.
;${if}-out: Used by all packets leaving by this interface for this host only.
;${if}-forward-in: Used by packets coming IN this interface that aren't destined for this host itself.
;${if}-forward-out: Used by packets going OUT an interface that aren't originated by this host itself
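Review bot: The added lines in the "How it works" paragraph keep the double quotes around each new <tt> span (for example "<tt>firewall</tt>" and "<tt>hosts.d/*</tt>"), so every name renders both quoted and monospaced; drop the quotes now that <tt> marks the literal. The same pass leaves ${if} unmarked in the rewritten interfaces.d paragraph, so wrap it as well for consistency. While these lines are being touched, fix "Theres" to "There's", "effect a host" to "affect a host", and "rulsets" in the context line above the new rule. It would also help to state which of the install locations listed above hosts.d and interfaces.d sit under, since the paragraph says the engine runs each script it finds there.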