# Does Gentoo livecd amd64 minimal support iptables?

## Jurassic

Hi awesome Gentoo community,

I am trying to install Gentoo from a livecd with a public ip address assigned. I was wondering do I have the option to build support in the livecd kernel for iptables? Because I can save rules and start iptables with livecd, but when I go to add rules to the filter table I receive output that the filter table doesn't exist. But there should be a filter table by default.

Can anyone share some experience using iptables with the livecd?

I am trying to securely install Gentoo amd64 on a remote dedicated server. I do not have access to put the dedicated server behind another host (firewall/router) or I would just assign a private ip address with ipv4 output routes.

----------

## N8Fear

Honestly: I don't know. But what's the matter? If no services (except likely sshd) are running on the remote host, there isn't much attack surface. You'll need something like sshd for remote access so you can't disallow it anyways (you can and should use public key auth instead of passwords).

The only thing that is exposed is the kernel itself - but if there were a vulnerability in the parsing of network packets it's likely that it wouldn't matter much even with iptables as the packets still need to be parsed before iptables can do its magic...

----------

## Jurassic

First of all thank you N8Fear for your insight!

I think I will use your approach. I love ssh keys! I will use a kvm over ip so I could just leave sshd stopped.

To everyone: If you have any other insights I would love to hear any. But for now I will just use N8Fear's approach.

To N8Fear: Tausend Dank!

Last edited by Jurassic on Wed Jan 08, 2014 7:24 am; edited 1 time in total

----------

## 666threesixes666

turn off ssh, use ubuntu LTS live media on a spare usb flash key via unetbootin.  rescue/install in luxury, even use wifi to install.  apt-get flash and watch youtube as you install.  facebook, tweet, irc, even post here.  apt-get is a great idea for live media, like emerge is a great idea for base systems.  emerge is a horrible idea for live media, and apt-get is a horrible idea for base systems.

best of both worlds, instant gratification as you install and build up your not so instant gratification gentoo.

i think ubuntu kinda blows and is unreliable with the graphical login stuff so i ctl + alt + f2 to a getty and use the getty to install rather than a terminal emulator.  i use terminal emulators to copy paste commands to flat files and sh flatfile (or chmod +x flatfile && ./flatfile) to run whatever commands from agetty terminals.

----------

## N8Fear

@666threesixes666: The only problem that I see is that as far as I understood it is a remote install - so no fancy graphics (unless using vnc which should be tunneled over ssh if one wants the fancy graphics). I'd go with the ssh approach... - For local installs I'm totally with you (though the choice of live media is made by what distro is included in my favourite pc magazine).

@Jurassic: Gern geschehen!/You're welcome! (the German language forums are a little bit further down... ;-) )

----------

