3
pesar
11h

I give up. I have never had a successful experience with iptables in my entire career. I have never seen any adult human successfully utilizing iptables at work. There is no debugger software with a window that shows a packet and you press F8 and you see what happens to the packet as it passes through the iptables black hole. Nobody knows why this piece of software does not work. Everybody believes that there's some hacker somewhere who knows how it works. And all projects that come to this point end up giving up and finding a different solution that does not need iptables at all, or just move to a totally different business altogether! The only thing that might work with iptables is to simply block some port numbers or some IP addresses. Routing traffic sent to one port into another port or through another interface, etc.? Forget about it! We really need an alternative to iptables. And I don't mean just a shell on top of iptables that just converts one format of commands into another. I mean a new Linux kernel module that routes packets and does it successfully and comes with an IDE with a debugger function.

Comments
  • 1
    Dude, what? One of the best implementations I did with iptables was when the original Half-Life/Counter-Strike would connect to WON servers to check if you had a valid HL/CS game. However, it wouldn't need to connect for offline/LAN gaming mode. So we tricked the HL/CS server into thinking it was a LAN game and let outside clients connect and forwarded them to our server. Once their client connected and saw that it was a LAN setup, it wouldn't connect to WON. Sort of a reverse NAT.
  • 1
    Another one we did was dial-up (yeah, yeah, get off my lawn). Linux has a kernel driver that, with IP routing, would allow you to bind two or more dial-up connections. We were the only company at that time that offered this service. Imagine, 2 (or more) 56K modems running as one!
  • 0
    Half my home infra is reliant on VPN and iptables. I agree that it can be difficult; I essentially have to re-learn it every time I'm doing something with it. But it's not that complicated. It simply gives you hooks to every part of routing inside the system and filters to work with it.

    There's probably a UI for it somewhere on GitHub, though. What I do is usually make a new shell script with "up" and "down" options so that I can work with it and revert it easily during development and testing.
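
An added example, not code from the original post or any of the commenters: an "up"/"down" rule script of the kind the last comment describes, doing the port-to-other-host redirect the original post calls hopeless, plus a "trace-on"/"trace-off" mode that uses the raw-table TRACE target as the packet debugger the post says does not exist. The interface, ports, backend address and script name are placeholders assumed for the example; `dry_run` prints the iptables arguments instead of applying them, so the rule set can be reviewed without root.

```shell
#!/bin/sh
# Example only (not from the thread). Assumed placeholders: eth0, 8080,
# 10.0.0.5:80. Run as root, or with IPT=dry_run to print the rules instead.
set -eu

WAN_IF=${WAN_IF:-eth0}          # interface the clients arrive on
PUB_PORT=${PUB_PORT:-8080}      # port the clients connect to
DST_HOST=${DST_HOST:-10.0.0.5}  # backend that should really get the traffic
DST_PORT=${DST_PORT:-80}
IPT=${IPT:-iptables}            # set IPT=dry_run to see the commands only

# Prints the iptables arguments instead of executing them (dry run).
dry_run() { printf '%s\n' "$*"; }

# Each rule is written once; "up" applies it with -A and "down" with -D,
# so teardown mirrors setup exactly and no rule is left behind.
rules() {
    act=$1
    # Rewrite the destination of inbound WAN_IF:PUB_PORT to DST_HOST:DST_PORT
    $IPT -t nat "$act" PREROUTING -i "$WAN_IF" -p tcp --dport "$PUB_PORT" \
        -j DNAT --to-destination "$DST_HOST:$DST_PORT"
    # Let the redirected flow through FORWARD (its policy may be DROP)
    $IPT "$act" FORWARD -i "$WAN_IF" -p tcp -d "$DST_HOST" --dport "$DST_PORT" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPT "$act" FORWARD -o "$WAN_IF" -p tcp -s "$DST_HOST" --sport "$DST_PORT" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Source-NAT so the backend's replies come back through this box
    $IPT -t nat "$act" POSTROUTING -p tcp -d "$DST_HOST" --dport "$DST_PORT" \
        -j MASQUERADE
}

# TRACE in the raw table records every chain and rule a matching packet
# traverses, which is the closest thing iptables has to a step debugger.
trace() {
    act=$1
    $IPT -t raw "$act" PREROUTING -i "$WAN_IF" -p tcp --dport "$PUB_PORT" -j TRACE
}

# DNAT to another host is only useful if the box forwards at all.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo 0)" = 1 ]
}

usage() { echo "usage: $0 up|down|trace-on|trace-off" >&2; exit 2; }

main() {
    case ${1:-} in
        up)
            forwarding_enabled || \
                echo "warning: ip_forward is 0; DNAT to $DST_HOST will not be routed" >&2
            rules -A ;;
        down)      rules -D ;;
        trace-on)  trace -A ;;
        trace-off) trace -D ;;
        *)         usage ;;
    esac
}

# Dispatch only when given a command, so the functions can also be sourced.
if [ $# -gt 0 ]; then main "$@"; fi
```

Usage: `./iptables-redirect.sh up` installs the rules, `./iptables-redirect.sh down` removes exactly those rules, and `IPT=dry_run ./iptables-redirect.sh up` prints them without touching the kernel. With trace-on, each packet hitting the public port is logged rule by rule, which is how you find the chain that silently drops it; with legacy iptables the trace lines land in the kernel log and need the nf_log_ipv4 module loaded, while on iptables-nft hosts `xtables-monitor --trace` shows them instead. Turn tracing off afterwards, since it logs every matching packet.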