|Olorin2||for starters, clean out the mess that doesn't belong there|
|rsimpkins||CodeX: Yes, but you have an advantage over me. I only speak English. You speak two languages.|
CodeX: Perhaps you can charge $110/hour for the extra language. ;)
i am asking here because i try to improve my english too
|Olorin2||Then sort it out according to chains, run the script, dump the config with iptables-save and reload that one with iptables-restore, or simply, use a frontend like ipkungfu.|
And that advice was for free!
CodeX: you wrote it yourself right?
but i have used the website www.linuxhomenetworking.com for help
|Olorin2||The last part belongs in /etc/sysctl with the correct syntax for that file.|
|Olorin2||Further on, the modules at the top should be put in the modprobe.preload? file.|
|peerce||you might also be better off with these HOWTOs rather than that linuxhomenetworking site, much of which was contributed by folks who are somewhat unclear on the concepts. http://netfilter.org/documentation/index.html#documentation-howto|
|CodeX||but if i do it with lokkit yum works good|
and when i run that script then i can use http and the other ports that are open
|peerce||then examine the scripts lokkit generates|
or just use them
|CodeX||but what about DoS attacks|
is lokkit good for it too?
|peerce||what about them?|
if your network circuit gets flooded, nothing you do can help
do you go around inviting DoS attacks?
|CodeX||no but i like to learn the optimal protection methods|
|peerce||for something to be 'optimal', you must define your metrics|
|sigterm||codex: optimal is having the majority of the (bad) stuff filtered out at your isp before it gets to you.|
|peerce||and, of course THAT requires defining 'bad stuff' rather closely. :D|
|sigterm||but don't hold your breath on that one unless you have some cash on hand|
|peerce||last time some scriptkiddie DoS'd me, they knocked my ISP's main DS3 circuits (4 different ones to different peering points) offline for 18 hours. my (small) ISP was kinda steamed.|
|peerce||this was over channel banning a persistently annoying troll|
whom i suspect was about 13 from his behavior
|so_||25 going on 13 with the internet as a loaded gun|