How to read
This document was written purely so that people can start to grasp the
wonderful world of iptables. It was never meant to contain information on
specific security bugs in iptables or Netfilter. If you find peculiar
bugs or behaviors in iptables or any of its subcomponents, you should
contact the Netfilter mailing lists and tell them about the problem; they
can tell you whether it is a real bug or whether it has already been fixed.
Actual security-related bugs are very rarely found in iptables or
Netfilter; however, one or two do slip by once in a while. These are
announced on the front page of the Netfilter main page, and that is
where you should go for information on such topics.
The above also implies that the rule-sets available with this tutorial are
not written to deal with actual bugs inside Netfilter. Their main goal is
simply to show how to set up rules in a nice, simple fashion that deals
with all the problems we may run into. For example, this tutorial will
not cover how to close down the HTTP port for the simple reason that
Apache happens to be vulnerable in version 1.2.12 (closing the port is in
fact covered, though not for that reason).
This document was simply written to give everyone a good and simple primer
on how to get started with iptables, but at the same time it was created
to be as complete as possible. It does not contain any targets or matches
that are in patch-o-matic, for the simple reason that it would require too
much effort to keep such a list updated. If you need information about
the patch-o-matic updates, you should read the info that comes with
patch-o-matic, as well as the other documentation available on the Netfilter main page.