iptables for Debian
----------------------

The iptables package consists of a set of powerful packet filtering
administration tools for netfilter. The tools can easily be misused,
causing enormous amounts of grief by completely crippling network access
to a computer system. It is not terribly uncommon for a remote system
administrator to accidentally lock himself out of a system hundreds or
thousands of miles away. One can even manage to lock himself out of a
computer whose keyboard is under his fingers. Please, use due caution.

The iptables init.d setup is a set of scripts that manage iptables by
saving, loading, or clearing whole static iptables rulesets. The setup
does not provide any sort of system security by default. Creating the
packet filtering rules is left to the devices of the system administrator.
Again, please use due caution and read /etc/default/iptables for more
information on the init.d setup.

The iptables source code provides kernel source code updates in the form
of "patch-o-matic" ("pom") kernel patches. The pom kernel source updates
allow iptables to compile various extension modules. Some of the modules
are wonderful, some experimental, some plain broken, and others yet induce
kernel level structure changes that cause iptables source to produce a
binary that is incompatible with "normal" kernels.

Effort has been made to include as many extension modules as possible.
Actually utilizing those modules is likely to require custom kernels built
with pom enhancements, or newer kernel releases, which are fed pom
enhancements. It may be necessary to compile a custom iptables package or
source to create additional extension modules and accommodate the kernel
enhancements.

More documentation and some examples can be found in
/usr/share/doc/iptables/ and at http://www.netfilter.org/.

Laurence J. Lane, Sat, 23 Mar 2002 18:04:22 -0500
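
Added example (not part of the Debian package or the original README): one way to guard against the remote lockout described above when loading a whole static ruleset. It snapshots the running rules with iptables-save, checks the candidate with iptables-restore --test, loads it, and rolls back unless a confirmation file appears in time. The function name, the CONFIRM_FILE path and the overridable IPT_SAVE/IPT_RESTORE variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: load a candidate ruleset, roll back unless confirmed.
# IPT_SAVE / IPT_RESTORE can be overridden so the logic can be exercised
# without root; CONFIRM_FILE and the function name are assumptions.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}
CONFIRM_FILE=${CONFIRM_FILE:-/run/iptables-confirm}

# apply_with_rollback CANDIDATE [TIMEOUT_SECONDS]
# returns 0 = kept, 1 = rolled back, 2 = candidate rejected (nothing changed)
apply_with_rollback() {
    candidate=$1
    timeout=${2:-60}
    [ -r "$candidate" ] || return 2
    backup=$(mktemp) || return 2

    # Snapshot the running ruleset before touching anything.
    "$IPT_SAVE" > "$backup" || { rm -f "$backup"; return 2; }

    # Parse-only pass: a syntax error must never reach the kernel.
    "$IPT_RESTORE" --test < "$candidate" || { rm -f "$backup"; return 2; }

    rm -f "$CONFIRM_FILE"
    if "$IPT_RESTORE" < "$candidate"; then
        # Wait for the admin to create CONFIRM_FILE from a *new* session,
        # which proves that fresh connections still get through.
        waited=0
        while [ "$waited" -lt "$timeout" ]; do
            if [ -e "$CONFIRM_FILE" ]; then
                rm -f "$CONFIRM_FILE" "$backup"
                return 0
            fi
            sleep 1
            waited=$((waited + 1))
        done
    fi

    # No confirmation (or the load failed part-way): put the old rules back.
    if "$IPT_RESTORE" < "$backup"; then
        rm -f "$backup"
    else
        echo "rollback failed; previous rules kept in $backup" >&2
    fi
    return 1
}

# Run as a script: ./apply.sh /path/to/candidate.rules 60
[ "$#" -eq 0 ] || apply_with_rollback "$@"
```

Confirm from a second login rather than the session that started the load, since an established connection can survive rules that block new ones.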