My server runs Red Hat 7 with a custom-compiled 2.2.18 kernel.
I have been very happy with it, but now I want to take advantage of the bandwidth control that is built into the 2.4 series kernel.
My question is: will my firewall ruleset be hard to convert to the new iptables? And will the modules (e.g. ip_masq_quake) work with the new kernel?
Here is my firewall script:
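# ipchains masquerading firewall for a 2.2-series kernel.
# eth1 appears to be the outside interface (DHCP replies are accepted on it and
# the anti-spoofing rules are bound to it); 192.168.1.0/24 is the masqueraded LAN.
#
# NOTE(review): this script never sets a policy on the input chain, and
# `ipchains -F` removes rules without touching chain policies, so whatever
# input policy is already in effect stays. Only the spoofed-source packets
# listed at the bottom are dropped on eth1 -- confirm that is the intended
# exposure for services running on this host.

# Clear the existing firewall rules.
/sbin/ipchains -F

# Refuse forwarding by default *before* ip_forward is switched on below, so
# there is no window in which packets are routed under a leftover policy.
/sbin/ipchains -P forward DENY

# Rebuild module dependencies, then load the masquerading protocol helpers.
# Each helper adds protocol handling to the forwarding path; load only the
# ones the LAN actually uses.
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
# NOTE(review): the port list is passed as four separate words with trailing
# commas; module options are normally given as a single name=value word, so
# confirm the module really picks up these ports.
/sbin/modprobe ip_masq_quake 26000, 27000, 27910, 27960
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_vdolive
/sbin/modprobe ip_masq_icq

# Kernel networking switches.
echo "1" > /proc/sys/net/ipv4/ip_forward          # route packets between interfaces
echo "1" > /proc/sys/net/ipv4/ip_always_defrag    # reassemble fragments on arrival
echo "1" > /proc/sys/net/ipv4/ip_dynaddr          # cope with a dynamically assigned address
# NOTE(review): this loosens UDP masquerade matching, presumably for the game
# helper above -- confirm it is still needed before keeping it enabled.
echo "1" > /proc/sys/net/ipv4/ip_masq_udp_dloose
echo "1" > /proc/sys/net/ipv4/tcp_syncookies      # SYN-flood protection
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts        # no replies to broadcast pings
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# Reverse-path (source address) validation.
# NOTE(review): only conf/all is written here; check whether the per-interface
# rp_filter entries also need to be set on this kernel.
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects   # ignore ICMP redirects
echo "0" > /proc/sys/net/ipv4/conf/all/send_redirects     # never send ICMP redirects

# Socket buffer defaults and maxima, 256 KiB each.
# Only set this if you have more than about a 400kb connection, i.e. DSL.
echo 262144 > /proc/sys/net/core/rmem_default
echo 262144 > /proc/sys/net/core/rmem_max
echo 262144 > /proc/sys/net/core/wmem_default
echo 262144 > /proc/sys/net/core/wmem_max

# Masquerade timeouts in seconds: TCP sessions, TCP after FIN, UDP.
/sbin/ipchains -M -S 7200 10 160

# Accept DHCP replies (UDP source port 67 to destination port 68) on eth1 from
# any address. Appended first, so it is checked before the denies below.
/sbin/ipchains -A input -j ACCEPT -i eth1 -s 0/0 67 -d 0/0 68 -p udp

# Masquerade traffic forwarded from the LAN. The rule matches on source
# address only; no interface is named.
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ

# Anti-spoofing: packets arriving on eth1 that claim a private, loopback or
# broadcast source, or a 0.0.0.0 destination, are denied and logged (-l).
/sbin/ipchains -A input -i eth1 -s 10.0.0.0/8 -d 0/0 -j DENY -l
/sbin/ipchains -A input -i eth1 -s 172.16.0.0/12 -d 0/0 -j DENY -l
# Was 192.168.1.0/16, which has host bits set in the network address; the
# private /16 range is written 192.168.0.0/16.
/sbin/ipchains -A input -i eth1 -s 192.168.0.0/16 -d 0/0 -j DENY -l
/sbin/ipchains -A input -i eth1 -s 127.0.0.0/8 -d 0/0 -j DENY -l
/sbin/ipchains -A input -i eth1 -s 255.255.255.255 -j DENY -l
/sbin/ipchains -A input -i eth1 -d 0.0.0.0 -j DENY -l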
Cheers