| Olorin2 | for starters, clean out the mess that doesn't belong there |
| rsimpkins | CodeX: Yes, but you have an advantage over me. I only speak English. You speak two languages. CodeX: Perhaps you can charge $110/hour for the extra language. ;) |
| CodeX | ))) I am asking here because I am trying to improve my English too |
| Olorin2 | Then sort it out according to chains, run the script, dump the config with iptables-save and reload that one with iptables-restore, or simply use a frontend like ipkungfu. And that advice was for free! CodeX: you wrote it yourself, right? |
| CodeX | yes, but I have used the website www.linuxhomenetworking.com for help |
| Olorin2 | The last part belongs in /etc/sysctl with the correct syntax for that file, e.g. net.ipv4.icmp_echo_ignore_all=1 net.ipv4.conf.all.log_martians=1 yes, ok |
| CodeX | yes |
| Olorin2 | Further on, the modules at the top should be put in the modprobe.preload? file. |
| CodeX | ? |
| peerce | you might also be better off with these HOWTOs rather than that linuxhomenetworking site, much of which was contributed by folks who are somewhat unclear on the concepts. http://netfilter.org/documentation/index.html#documentation-howto |
| CodeX | but if I do it with lokkit, yum works well, and when I run that script then I can use HTTP and the other ports that are open |
| peerce | then examine the scripts lokkit generates or just use them |
| CodeX | but what about DoS attacks? is lokkit good for that too? |
| peerce | what about them? if your network circuit gets flooded, nothing you do can help. do you go around inviting DoS attacks? |
| CodeX | no, but I would like to learn the optimal protection methods |
| peerce | for something to be 'optimal', you must define your metrics |
| sigterm | codex: optimal is having the majority of the (bad) stuff filtered out at your isp before it gets to you. |
| peerce | and, of course, THAT requires defining 'bad stuff' rather closely. :D |
| sigterm | but don't hold your breath on that one unless you have some cash onhand ;) exactly peerce |
| peerce | last time some scriptkiddie DoS'd me, they knocked my ISP's main DS3 circuits (4 different ones to different peering points) offline for 18 hours. my (small) ISP was kinda steamed. |
| sigterm | lol i bet |
| peerce | this was over channel banning a persistently annoying troll whom i suspect was about 13 from his behavior |
| so_ | 25 going on 13 with the internet as a loaded gun |