Yes, the update is available on my site; the only thing is I haven't changed the version number on it. Most global variables are usually user defined, but that being said, because of the complexity and versatility of iptables, you can start writing lots of programming code into it as well.
No doubt you will have come across some extremely complex scripts with lots of code, but you will notice some iptables rules in amongst them. The error I had with some of the rules was that I had just started to learn ipchains and was using the same theory for iptables.
With ipchains, all local and routed data packets come in on the INPUT chain; after that it must check whether it's destined for a local process (e.g. say a web server running on the firewall). If no local process is its destination, it then goes to a routing decision. If it has passed in the opposite direction there will be an entry in the nat table, so it will then bypass the FORWARD chain and go directly to the OUTPUT chain.
But for iptables, routed data packets bypass the INPUT and OUTPUT chains and only use the FORWARD chain. Only local processes use the INPUT and OUTPUT chains. So I had to rewrite some of the rules and put the logging chains on my FORWARD rules as well.
Also, to forward packets to a server on the inside of your network you need to use the PREROUTING chain, so I managed to set that up to forward Remote Desktop to a host on the inside. That should help you out if you run any services behind your firewall.
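The points in the post above (routed traffic only hits FORWARD, so a logging chain has to be attached there as well as to INPUT, and port forwarding to an inside host is done with DNAT in the nat table's PREROUTING chain) are shown together in the script below. This is an added example, not the poster's own script; the interface names (eth0 WAN, eth1 LAN), the LAN range 192.168.1.0/24 and the Remote Desktop host 192.168.1.10 are assumed. By default it only prints the iptables commands it would run (DRY_RUN=1), so it can be read and checked without root; set DRY_RUN=0 to apply them.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed, hypothetical layout:
#   eth0 = WAN side, eth1 = LAN side, LAN 192.168.1.0/24, RDP host 192.168.1.10
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
RDP_HOST="${RDP_HOST:-192.168.1.10}"

# Every rule goes through this wrapper. With DRY_RUN=1 (the default) the
# iptables command line is printed instead of executed, so no root is needed.
ipt() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

fw_rules() {
    # Clean slate in the filter and nat tables, default-deny for INPUT/FORWARD.
    ipt -F
    ipt -X
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # One logging chain, referenced from INPUT *and* FORWARD. Routed packets
    # never traverse INPUT, so a log rule only on INPUT misses forwarded traffic.
    ipt -N LOGDROP
    ipt -A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
    ipt -A LOGDROP -j DROP

    # INPUT: only packets addressed to the firewall itself (local processes).
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -p tcp --dport 22 -j ACCEPT
    ipt -A INPUT -j LOGDROP

    # FORWARD: everything routed between LAN and WAN lands here, not in INPUT/OUTPUT.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$WAN_IF" -j ACCEPT
    # The DNATed RDP connection: FORWARD sees the destination already rewritten
    # to the inside host, so the filter rule matches on RDP_HOST, not the WAN IP.
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$RDP_HOST" --dport 3389 \
        -m conntrack --ctstate NEW -j ACCEPT
    ipt -A FORWARD -j LOGDROP

    # nat table: DNAT in PREROUTING happens before the routing decision, which is
    # why the packet is then routed to the inside host and evaluated by FORWARD.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 3389 \
        -j DNAT --to-destination "$RDP_HOST:3389"
    # Outbound LAN traffic is masqueraded behind the WAN address.
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# Count generated rules matching a pattern (used to sanity-check the rule set).
count_rules() {
    fw_rules | grep -c -- "$1"
}

fw_rules
```

Two things the script does not do for you: forwarding only works with `net.ipv4.ip_forward=1` set via sysctl, and exposing TCP 3389 to the whole internet is a poor idea; in practice add `-s <trusted address>` to the PREROUTING and FORWARD rules for RDP, or put the service behind a VPN.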