Alessandro Dotti Contra's personal website

• home
• blog
• alex
• techies
• floss
• ict
• scrivere
• miscellanea

System administration

• tuning
• virtualization
• filesystems
• raid
• userland
• sysadmin miscellanea

Networking

• dns
• httpd
• smtp
• ldap

Security

• hardening
• securing services
• firewalls
• tls
• encryption

Development

• programming tools
• languages
• frameworks
• webdesign
• dummy code

DBMS

• databases design
• dbms administration

netfilter/iptables scripts

Some ready to use scripts to setup a netfilter (linux 2.4/2.6) firewall. Most common setups are covered.

Single host

Configuration for a single workstation. All inbound connections are filtered while all outbound connections are allowed.

Home gateway

Configuration for a home gateway. Masquerading is active for LAN's clients. All inbound connections are filtered while all outbound traffic is allowed.

Lan gateway

Configuration for a LAN gateway. The gateway acts as a DNS and SMTP server for the LAN. SSH inbound connections are allowed from the LAN as well. DNS and SMTP outbound connections are allowed to the Internet; LAN's client can access public web and FTP services.

Lan gateway with DMZ support

Configuration for a gateway with DMZ support. private IP addresses - and on a private LAN. Natting is active for both DMZ servers and private LAN clients. The gateway itself accepts only inbound SSH connections from the LAN's client. Public access to some well defined services hosted in the DMZ is granted, as well as restricted access to the Internet by DMZ server and LAN's clients.