Following on from the announcement of a renewed commitment to Linux by Linksys-Cisco and the release of the Linux-compatible WRT54GL Wireless-G series broadband router (discussed here), this post details how to run Iptables on a Linksys-Cisco WRT54GL router via firmware from DD-WRT. A fully functional example Iptables script is provided to get you started.
I have seen posts in a number of online forums to the effect that a couple of rules in the default Iptables firewall configuration under Fedora and Redhat Enterprise Linux are causing confusion.
How does Iptables work? …
If you are interested in an affordable way to get working with iptables please read on …
I’ve been asked a number of times how to allow NFS traffic with iptables.
Two example iptables firewall rulesets are provided. Both are designed for a single-homed host and utilize the stateful inspection feature of iptables for all connections.
Firstly, you need to load the ip_conntrack_ftp module. Assuming you have a single-homed box, a simple ruleset to allow an FTP connection would be:
This post deals with connection tracking and the ICMP protocol.
Because it lacks sequence numbers, UDP is known as a “stateless” protocol. However, this does not mean we can’t track UDP connections: there is still other useful information we can utilize. Here is an example state table entry for a newly formed UDP connection:
A TCP connection is initiated via a three-way handshake involving a synchronization request from the client, a synchronization and an acknowledgement from the server, and finally an acknowledgement from the client. Subsequent traffic flowing between server and client is acknowledged in all cases. The sequence looks like: