Context Navigation

-              rff40dcf
+              rab6bf6a
   <!ENTITY iptables-download-http "http://www.netfilter.org/projects/iptables/files/iptables-&iptables-version;.tar.bz2">
   <!ENTITY iptables-download-ftp  "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2">
   <!ENTITY iptables-md5sum        "bc0f0adccc93c09dc5b7507ccba93148">
   <!ENTITY iptables-size          "700 KB">
   <!ENTITY iptables-buildsize     "17 MB">
   <!ENTITY iptables-time          "0.2 SBU">
+  <!ENTITY iptables-md5sum        "602ba7e937c72fbb7b1c2b71c3b0004b">
+  <!ENTITY iptables-size          "704 KB">
+  <!ENTITY iptables-buildsize     "22 MB">
+  <!ENTITY iptables-time          "0.1 SBU">
 ]>
 …
     <para>
       <application>iptables</application> is a userspace command line program
       used to configure Linux 2.4 and later kernel packet filtering ruleset.
+      used to configure the Linux 2.4 and later kernel packet filtering ruleset.
     </para>
 …
       <xref linkend="libpcap"/> (required for nfsypproxy support),
       <ulink url="https://github.com/tadamdam/bpf-utils">bpf-utils</ulink>
       (required for Berkely Packet Filter support),
+      (required for Berkeley Packet Filter support),
       <ulink url="https://netfilter.org/projects/libnfnetlink/">libnfnetlink</ulink>
       (required for connlabel support),
       <ulink url="https://netfilter.org/projects/libnetfilter_conntrack/">libnetfilter_conntrack"</ulink>
+      <ulink url="https://netfilter.org/projects/libnetfilter_conntrack/">libnetfilter_conntrack</ulink>
       (required for connlabel support), and
       <ulink url="https://netfilter.org/projects/nftables/">nftables</ulink>
 …
     <para>
       <parameter>--disable-nftables</parameter>: This switch disables building
       nftables compat. <!--Omit this switch if you have installed
+      nftables compatibility. <!--Omit this switch if you have installed
       <xref linkend="nftables"/>.-->
     </para>
 …
     <para>
       <parameter>--with-xtlibdir=/lib/xtables</parameter>: Ensure all
       <application>iptables</application> modules are installed in the
+      <parameter>--with-xtlibdir=/lib/xtables</parameter>: This switch ensures that
+      all <application>iptables</application> modules are installed in the
       <filename class="directory">/lib/xtables</filename> directory.
     </para>
 …
     <para>
       <command>ln -sfv ../../sbin/xtables-legacy-multi /usr/bin/iptables-xml</command>:
+      Ensure the symbolic link for <command>iptables-xml</command> is relative.
+      This command ensures that the symbolic link for the
+      <command>iptables-xml</command> command is relative.
     </para>
 …
       <para>
         A Personal Firewall is designed to let you access all the
         services offered on the Internet, but keep your box secure and
+        services offered on the Internet while keeping your computer secure and
         your data private.
       </para>
 …
         url="http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html">
         Linux 2.4 Packet Filtering HOWTO</ulink>. It is still applicable
         to the Linux 3.x kernels.
+        to the Linux 5.x kernels.
       </para>
 …
 iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 # Log everything else. What's Windows' latest exploitable vulnerability?
+# Log everything else.
 iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
 …
 iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 # Log everything else. What's Windows' latest exploitable vulnerability?
+# Log everything else.
 iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
 …
       <para>
         A network Firewall has two interfaces, one connected to an
+        A Network Firewall has two interfaces, one connected to an
         intranet, in this example <emphasis role="strong">LAN1</emphasis>,
         and one connected to the Internet, here <emphasis
         role="strong">WAN1</emphasis>. To provide the maximum security
         for the firewall itself, make sure that there are no unnecessary
         servers running on it such as <application>X11</application> et al.
+        servers running on it such as <application>X11</application>.
         As a general principle, the firewall itself should not access
         any untrusted service (think of a remote server giving answers that
 …
         </listitem>
         <listitem>
           <para id='fw-BB-4-ipt' xreflabel="BusyBox with iptable example number 4">
+          <para id='fw-BB-4-ipt' xreflabel="BusyBox with iptables example number 4">
             If you are frequently accessing FTP servers or enjoy chatting, you
             might notice delays because some implementations of these daemons
 …
       <seglistitem>
         <seg>
+          ip6tables, ip6tables-restore, ip6tables-save, iptables, iptables-restore,
+          iptables-save, iptables-xml, nfsynproxy (optional) and xtables-multi
+          ip6tables,
+          ip6tables-apply,
+          ip6tables-legacy,
+          ip6tables-legacy-restore,
+          ip6tables-legacy-save,
+          ip6tables-restore,
+          ip6tables-save,
+          iptables,
+          iptables-apply,
+          iptables-legacy,
+          iptables-legacy-restore,
+          iptables-legacy-apply,
+          iptables-restore,
+          iptables-save,
+          iptables-xml,
+          nfsynproxy (optional),
+          and xtables-multi
         </seg>
         <seg>
+          libip4tc.so, libip6tc.so, libipq.so, libiptc.so, and libxtables.so
+          libip4tc.so,
+          libip6tc.so,
+          libipq.so,
+          libiptc.so,
+          and libxtables.so
         </seg>
         <seg>
+          /lib/xtables and /usr/include/libiptc
+          /lib/xtables and
+          /usr/include/libiptc
         </seg>
       </seglistitem>
 …
       </varlistentry>
+      <varlistentry id="iptables-apply">
+        <term><command>iptables-apply</command></term>
+        <listitem>
+          <para>
+            is a safer way to update iptables remotely.
+          </para>
+          <indexterm zone="iptables iptables-apply">
+            <primary sortas="b-iptables-apply">iptables-apply</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="iptables-legacy">
+        <term><command>iptables-legacy</command></term>
+        <listitem>
+          <para>
+            is used to interact with iptables using the legacy command set.
+          </para>
+          <indexterm zone="iptables iptables-legacy">
+            <primary sortas="b-iptables-legacy">iptables-legacy</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="iptables-legacy-restore">
+        <term><command>iptables-legacy-restore</command></term>
+        <listitem>
+          <para>
+            is used to restore a set of legacy iptables rules.
+          </para>
+          <indexterm zone="iptables iptables-legacy-restore">
+            <primary sortas="b-iptables-legacy-restore">iptables-legacy-restore</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+      <varlistentry id="iptables-legacy-save">
+        <term><command>iptables-legacy-save</command></term>
+        <listitem>
+          <para>
+            is used to save a set of legacy iptables rules.
+          </para>
+          <indexterm zone="iptables iptables-legacy-save">
+            <primary sortas="b-iptables-legacy-save">iptables-legacy-save</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
       <varlistentry id="iptables-restore">
         <term><command>iptables-restore</command></term>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset ab6bf6a for postlfs/security

Legend:

postlfs/security/iptables.xml

Download in other formats: