iptables for Debian
----------------------

The iptables package consists of a set of powerful packet filtering
administration tools for netfilter. The tools can easily be misused,
causing enormous amounts of grief by completely crippling network
access to a computer system. It is not terribly uncommon for a remote
system administrator to accidentally lock himself out of a system
hundreds or thousands of miles away. One can even manage to lock
himself out of a computer whose keyboard is under his fingers. Please,
use due caution.

The iptables init.d setup is a set of scripts that manage iptables
by saving, loading, or clearing whole static iptables rulesets. The 
setup does not provide any sort of system security by default.
Creating the packet filtering rules is left to the devices of the
system administrator. Again, please use due caution and read
/etc/default/iptables for more information on the init.d setup.
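
One way to apply that caution when loading a static ruleset on a remote
machine, as an added example that is not part of the Debian package or its
init.d scripts. It uses the real iptables-save and iptables-restore tools;
the function name, the IPT_SAVE/IPT_RESTORE override variables and the
confirmation-file mechanism are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: load a ruleset, roll back unless confirmed in time.
# Command names can be overridden (assumption, useful for dry runs).
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# apply_with_rollback RULES_FILE CONFIRM_FILE [TIMEOUT_SECONDS]
# Returns 0 if the new ruleset was confirmed, 1 if it was rolled back,
# 2 if nothing was changed because of an error.
apply_with_rollback() {
    new_rules=$1
    confirm=$2
    timeout=${3:-60}

    [ -r "$new_rules" ] || { echo "cannot read $new_rules" >&2; return 2; }

    backup=$(mktemp) || return 2
    # Snapshot the running ruleset before touching anything.
    if ! $IPT_SAVE > "$backup"; then
        echo "could not save current rules" >&2
        rm -f "$backup"
        return 2
    fi

    rm -f "$confirm"    # a stale confirmation must not count
    if ! $IPT_RESTORE < "$new_rules"; then
        echo "load failed, restoring previous rules" >&2
        $IPT_RESTORE < "$backup"
        rm -f "$backup"
        return 1
    fi

    echo "New rules loaded. From a NEW login session run: touch $confirm" >&2
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            rm -f "$confirm" "$backup"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    echo "no confirmation after ${timeout}s, rolling back" >&2
    $IPT_RESTORE < "$backup"
    rm -f "$backup"
    return 1
}
```

Confirming from a new session rather than the existing one matters: an
already established connection can survive rules that block new ones.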

The iptables source code provides kernel source code updates in the
form of "patch-o-matic" ("pom") kernel patches. The pom kernel source
updates allow iptables to compile various extension modules. Some
of the modules are wonderful, some experimental, some plain broken,
and others yet induce kernel-level structure changes that cause iptables
source to produce a binary that is incompatible with "normal" kernels.

Effort has been made to include as many extension modules as possible. 
Actually utilizing those modules is likely to require custom kernels
built with pom enhancements, or newer kernel releases, which are fed
pom enhancements. It may be necessary to compile a custom iptables
package or source to create additional extension modules and accommodate 
the kernel enhancements.

More documentation and some examples can be found in 
/usr/share/doc/iptables/ and at http://www.netfilter.org/.

Laurence J. Lane <ljlane@debian.org>,  Sat, 23 Mar 2002 18:04:22 -0500