iptables

iptables has been around for a while, and it has matured to the point where it’s just plain silly to spend fortunes on proprietary firewall software.

Resources

Notes

Outbound traffic redirection to localhost proxy:

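# PREROUTING: packets arriving from other hosts (DNAT to 127.0.0.1 here also needs route_localnet=1 on the inbound interface, or the kernel drops them as martians)
iptables -t nat -A PREROUTING -p tcp -d my.pop.server --dport 110 -j DNAT --to-destination 127.0.0.1:1235
# OUTPUT: connections opened by processes on this machine
iptables -t nat -A OUTPUT -p tcp -d my.pop.server --dport 110 -j DNAT --to-destination 127.0.0.1:1235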

Inbound traffic filtering and redirection (RedHat style):

*nat
:PREROUTING ACCEPT [754:47332]
:POSTROUTING ACCEPT [306:20928]
:OUTPUT ACCEPT [306:20928]
# HOWTO ban a specific nuisance
# -A PREROUTING -s FOE_IP_ADDRESS -j DROP
# remap port access from a single IP address
-A PREROUTING -s FRIEND_IP_ADDRESS -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 
COMMIT
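
To review which redirections a saved ruleset contains, the file format above can be parsed directly. The following is an added example, not part of the original notes: the sample ruleset is constructed, its addresses are documentation placeholders, and the function names are hypothetical.

```python
import shlex

# Constructed sample in iptables-save format, modelled on the rules above.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 192.0.2.10 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -d 198.51.100.7 -p tcp --dport 110 -j DNAT --to-destination 127.0.0.1:1235
-A PREROUTING -s 203.0.113.5 -j DROP
COMMIT
"""

def parse_rules(text):
    """Yield (table, chain, options) for every -A line; skips comments, policies, COMMIT."""
    table = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            yield table, tokens[1], tokens[2:]

def option(opts, *names):
    """Return the value following the first of `names`, prefixed with '!' if negated."""
    for i, tok in enumerate(opts[:-1]):
        if tok in names:
            neg = "!" if i and opts[i - 1] == "!" else ""
            return neg + opts[i + 1]
    return None

def audit(text):
    """List nat-table redirections, plus DROP rules placed in the nat table."""
    findings = []
    for table, chain, opts in parse_rules(text):
        if table != "nat":
            continue
        target = option(opts, "-j", "--jump")
        src = option(opts, "-s", "--source")
        if target in ("DNAT", "REDIRECT"):
            to = option(opts, "--to-destination", "--to-ports")
            findings.append(("redirect", chain, src, option(opts, "--dport"), to))
        elif target == "DROP":
            # nat chains see only the first packet of a connection; filter elsewhere
            findings.append(("filter-in-nat", chain, src, None, None))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The "filter-in-nat" finding covers bans written like the commented-out DROP line above; such rules belong in the filter table.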
