Is there a mistake here ? from http://tldp.org/HOWTO/Firewall-HOWTO-7.html

on 17.05.2007 11:33:36 by navti

http://tldp.org/HOWTO/Firewall-HOWTO-7.html

# Allow Web connections to outside Web Servers
/sbin/ipfwadm -F -a accept -b -P tcp -S 192.1.2.* 80 -D 0.0.0.0/0 1024:65535
# Allow DNS traffic
/sbin/ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 192.1.2.0/24

Is there a mistake in line 2?

Should that not be

/sbin/ipfwadm -F -a accept -b -P tcp -S 192.1.2.* 1024:65535 -D 0.0.0.0/0 80

Re: Is there a mistake here ? from http://tldp.org/HOWTO/Firewall-HOWTO-7.html

on 17.05.2007 21:54:16 by ibuprofin

On 17 May 2007, in the Usenet newsgroup comp.security.firewalls, in article
<1179394415.998006.25500@q23g2000hsg.googlegroups.com>, navti wrote:

>http://tldp.org/HOWTO/Firewall-HOWTO-7.html

5.1. Selecting a Kernel

[...]

The bilt in Linux firewall have changed several times. If you are
using an old Linux kernel (1.0.x or older) geta new copy. These older
used ipfwadm from http://www.xos.nl/linux/ipfwadm/ and is no longer
supported.

Speeling errors are in the original document. Also,

7. IP filtering setup (IPFWADM)

If you are using kernel 2.1.102 or newer skip to the next section on
IPCHAINS.

># Allow Web connections to outside Web Servers
>/sbin/ipfwadm -F -a accept -b -P tcp -S 192.1.2.* 80 -D 0.0.0.0/0
>1024:65535
># Allow DNS traffic
>/sbin/ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 192.1.2.0/24
>
>is there a mistake in line 2 ?

Actually, both of those lines are wrong, but why are you looking at a
firewall tool that has been virtually unsupported for over six years,
and does not work in a 2.6.x kernel?

>should that not be
>
>/sbin/ipfwadm -F -a accept -b -P tcp -S 192.1.2.* 1024:65535 -D
>0.0.0.0/0 80

Yes, and there are other errors as well, but unless this is a homework
question, you should be reading the IP-Masquerade-HOWTO (even the
IPCHAINS-HOWTO is outdated), and also looking at the materials you can
find on http://www.netfilter.org/documentation/HOWTO/ or
http://www.iptables.org/documentation/HOWTO/ which actually redirects to
the netfilter.org site.

Old guy
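
The port swap discussed in the two posts above, as an added example (not code from the thread or from the HOWTO): a minimal model of how an ipfwadm-style forward rule with -b matches packets, run over constructed sample packets. It assumes "192.1.2.*" means 192.1.2.0/24 and ignores interfaces, TCP flags and the default policy.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One accept rule: -P proto -S src sports -D dst dports, optionally -b."""
    proto: str
    src: str
    sports: range
    dst: str
    dports: range
    bidirectional: bool = True  # the -b flag

    def _one_way(self, proto, saddr, sport, daddr, dport):
        return (proto == self.proto
                and ipaddress.ip_address(saddr) in ipaddress.ip_network(self.src)
                and sport in self.sports
                and ipaddress.ip_address(daddr) in ipaddress.ip_network(self.dst)
                and dport in self.dports)

    def matches(self, proto, saddr, sport, daddr, dport):
        if self._one_way(proto, saddr, sport, daddr, dport):
            return True
        # -b: also match the packet with source and destination swapped
        return self.bidirectional and self._one_way(proto, daddr, dport, saddr, sport)


HIGH = range(1024, 65536)   # unprivileged (client) ports
WEB = range(80, 81)
ANY = "0.0.0.0/0"
LAN = "192.1.2.0/24"        # assumption: what the HOWTO's "192.1.2.*" intends

howto_rule = Rule("tcp", LAN, WEB, ANY, HIGH)   # as printed in the HOWTO
fixed_rule = Rule("tcp", LAN, HIGH, ANY, WEB)   # as proposed in the thread

# Constructed sample packets: (proto, src addr, src port, dst addr, dst port)
PACKETS = {
    "lan client -> outside web server": ("tcp", "192.1.2.10", 40000, "203.0.113.5", 80),
    "outside web server -> lan client": ("tcp", "203.0.113.5", 80, "192.1.2.10", 40000),
    "outside client -> lan host port 80": ("tcp", "198.51.100.7", 40000, "192.1.2.20", 80),
}


def evaluate(rule):
    """Return {packet description: True if the rule accepts it}."""
    return {name: rule.matches(*pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, rule in (("HOWTO", howto_rule), ("proposed", fixed_rule)):
        for name, hit in evaluate(rule).items():
            print(f"{label:9} {name:36} {'accept' if hit else 'no match'}")
```

In this model the rule as printed matches none of the outbound web traffic and instead matches outside clients reaching port 80 on LAN hosts, while the proposed rule matches only the outbound connection and its replies.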

Re: Is there a mistake here ? from http://tldp.org/HOWTO/Firewall-HOWTO-7.html

on 17.05.2007 22:08:47 by navti

On May 17, 8:54 pm, ibupro...@painkiller.example.tld (Moe Trin) wrote:
> On 17 May 2007, in the Usenet newsgroup comp.security.firewalls, in article
>
> <1179394415.998006.25...@q23g2000hsg.googlegroups.com>, navti wrote:
> >http://tldp.org/HOWTO/Firewall-HOWTO-7.html
>
> 5.1. Selecting a Kernel
>
> [...]
>
> The bilt in Linux firewall have changed several times. If you are
> using an old Linux kernel (1.0.x or older) geta new copy. These older
> used ipfwadm from http://www.xos.nl/linux/ipfwadm/ and is no longer
> supported.
>
> Speeling errors are in the original document. Also,
>
> 7. IP filtering setup (IPFWADM)
>
> If you are using kernel 2.1.102 or newer skip to the next section on
> IPCHAINS.
>
> ># Allow Web connections to outside Web Servers
> >/sbin/ipfwadm -F -a accept -b -P tcp -S 192.1.2.* 80 -D 0.0.0.0/0
> >1024:65535
> ># Allow DNS traffic
> >/sbin/ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 192.1.2.0/24
>
> >is there a mistake in line 2 ?
>
> Actually, both of those lines are wrong, but why are you looking at a
> firewall tool that has been virtually unsupported for over six years,
> and does not work in a 2.6.x kernel.
>
> >should that not be
>
> >/sbin/ipfwadm -F -a accept -b -P tcp -S 192.1.2.* 1024:65535 -D
> >0.0.0.0/0 80
>
> Yes, and there are other errors as well, but unless this is a homework
> question, you should be reading the IP-Masquerade-HOWTO (even the
> IPCHAINS-HOWTO is outdated), and also looking at the materials you can
> find on http://www.netfilter.org/documentation/HOWTO/ or
> http://www.iptables.org/documentation/HOWTO/ which actually redirects to
> the netfilter.org site.
>
> Old guy

Thanks.

I was just doing some general research on firewalls when I came across
this article.

I was a bit puzzled by that line and just wanted to make sure it was
wrong.

I don't use a Linux firewall, I use a Netgear.

Re: Is there a mistake here ? from http://tldp.org/HOWTO/Firewall-HOWTO-7.html

on 18.05.2007 22:04:25 by ibuprofin

On 17 May 2007, in the Usenet newsgroup comp.security.firewalls, in article
<1179432527.421308.46970@k79g2000hse.googlegroups.com>, navti wrote:
>On May 17, 8:54 pm, ibupro...@painkiller.example.tld (Moe Trin) wrote:

>> Yes, and there are other errors as well, but unless this is a homework
>> question, you should be reading the IP-Masquerade-HOWTO (even the
>> IPCHAINS-HOWTO is outdated), and also looking at the materials you can
>> find on http://www.netfilter.org/documentation/HOWTO/ or
>> http://www.iptables.org/documentation/HOWTO/ which actually redirects
>> to the netfilter.org site.

>thanks.
>
>I was just doing some general research on firewalls when i came across
>this article.

Ahh, OK. The Linux Documentation Project has a large number of documents
concerning "how to" do a number of important (and not so important) tasks
using the Linux O/S. You can find a description of them by searching for
the "HOWTO-INDEX". You can find a "current" tarball of the 450+ documents
(about 30.5 Megs uncompressed - 692K lines, 3.8 million words) at the
ftp/web server 'ibiblio.org' in the /pub/Linux/docs/HOWTO/ directory (as
well as individual copies of documents). A cron-job tells me this looks
like this:

7106026 May 18 09:01 Linux-HOWTOs-20070518.tar.bz2
8879237 May 18 09:01 Linux-HOWTOs-20070518.tar.gz
29 May 18 09:02 Linux-HOWTOs.tar.bz2 -> Linux-HOWTOs-20070518.tar.bz2
28 May 18 09:02 Linux-HOWTOs.tar.gz -> Linux-HOWTOs-20070518.tar.gz

>I was a bit puzzled by that line as just wanted to make sure it was
>wrong,

That document is a bit over seven years old and probably unmaintained,
but I was surprised of the number of typ0s, concept and speeling errors
it contained. The docs are normally much better than that.

For _concepts_ (along with examples), I'd strongly recommend the
'netfilter.org' site mentioned above ("Rusty Russell" is the main
author of the current firewall code, although many others contribute)
and is a pretty decent author. Other documents (HOWTOs) that would
help (or be of interest) are:

-rw-rw-r-- 1 gferg ldp 708351 Nov 14 2005 IP-Masquerade-HOWTO
-rw-rw-r-- 1 gferg ldp 17605 Jul 21 2004 Masquerading-Simple-HOWTO
-rw-rw-r-- 1 gferg ldp 45604 Apr 18 2006 Networking-Overview-HOWTO
-rw-rw-r-- 1 gferg ldp 155096 Jan 23 2004 Security-HOWTO
-rw-rw-r-- 1 gferg ldp 278012 Jul 23 2002 Security-Quickstart-HOWTO

>I dont use a Linux firewall , i use a netgear .

At home, the firewall is what's left of some ancient 386SX-16 laptop,
without case, keyboard, or display. It's more than adequate for a cable
connection, and also has a modem for dialout as a backup.

Old guy

Re: Is there a mistake here ? from http://tldp.org/HOWTO/Firewall-HOWTO-7.html

on 18.05.2007 22:36:22 by navti

On May 18, 9:04 pm, ibupro...@painkiller.example.tld (Moe Trin) wrote:
> On 17 May 2007, in the Usenet newsgroup comp.security.firewalls, in article
>
> <1179432527.421308.46...@k79g2000hse.googlegroups.com>, navti wrote:
> >On May 17, 8:54 pm, ibupro...@painkiller.example.tld (Moe Trin) wrote:
> >> Yes, and there are other errors as well, but unless this is a homework
> >> question, you should be reading the IP-Masquerade-HOWTO (even the
> >> IPCHAINS-HOWTO is outdated), and also looking at the materials you can
> >> find on http://www.netfilter.org/documentation/HOWTO/ or
> >> http://www.iptables.org/documentation/HOWTO/ which actually redirects
> >> to the netfilter.org site.
> >thanks.
>
> >I was just doing some general research on firewalls when i came across
> >this article.
>
> Ahh, OK. The Linux Documentation Project has a large number of documents
> concerning "how to" do a number of important (and not so important) tasks
> using the Linux O/S. You can find a description of them by searching for
> the "HOWTO-INDEX". You can find a "current" tarball of the 450+ documents
> (about 30.5 Megs uncompressed - 692K lines, 3.8 million words) at the
> ftp/web server 'ibiblio.org' in the /pub/Linux/docs/HOWTO/ directory (as
> well as individual copies of documents). A cron-job tells me this looks
> like this:
>
> 7106026 May 18 09:01 Linux-HOWTOs-20070518.tar.bz2
> 8879237 May 18 09:01 Linux-HOWTOs-20070518.tar.gz
> 29 May 18 09:02 Linux-HOWTOs.tar.bz2 -> Linux-HOWTOs-20070518.tar.bz2
> 28 May 18 09:02 Linux-HOWTOs.tar.gz -> Linux-HOWTOs-20070518.tar.gz
>
> >I was a bit puzzled by that line as just wanted to make sure it was
> >wrong,
>
> That document is a bit over seven years old and probably unmaintained,
> but I was surprised of the number of typ0s, concept and speeling errors
> it contained. The docs are normally much better than that.
>
> For _concepts_ (along with examples), I'd strongly recommend the
> 'netfilter.org' site mentioned above ("Rusty Russell" is the main
> author of the current firewall code, although many others contribute)
> and is a pretty decent author. Other documents (HOWTOs) that would
> help (or be of interest) are:
>
> -rw-rw-r-- 1 gferg ldp 708351 Nov 14 2005 IP-Masquerade-HOWTO
> -rw-rw-r-- 1 gferg ldp 17605 Jul 21 2004 Masquerading-Simple-HOWTO
> -rw-rw-r-- 1 gferg ldp 45604 Apr 18 2006 Networking-Overview-HOWTO
> -rw-rw-r-- 1 gferg ldp 155096 Jan 23 2004 Security-HOWTO
> -rw-rw-r-- 1 gferg ldp 278012 Jul 23 2002 Security-Quickstart-HOWTO
>
> >I dont use a Linux firewall , i use a netgear .
>
> At home, the firewall is what's left of some ancient 386SX-16 laptop,
> without case, keyboard, or display. It's more than adequate for a cable
> connection, and also has a modem for dialout as a backup.
>
> Old guy

thanks dude

enjoy your weekend