ipchains requires that you compile Networking options/Network firewalls
and Networking options/IP: firewalling into your kernel. It works at a
significantly lower level than tcp wrappers.
ipchains -F
# flush rules
ipchains -P input ACCEPT
# change policy to default to accept all incoming connections
ipchains -A input -p tcp -s localhost -j ACCEPT
# allow all incoming tcp connections from localhost
ipchains -A input -p udp -s localhost -j ACCEPT
# allow all incoming udp connections from localhost
ipchains -A input -p tcp --destination-port 1024: -j ACCEPT
# allow all return connections (see below)
ipchains -A input -p tcp --destination-port 113 -j ACCEPT
# allow ident requests
ipchains -A input -p tcp -d sh.undef.net 21:22 -j ACCEPT
# allow ftp & ssh tcp from sh.undef.net
ipchains -A input -p tcp -d monet.op.net 21:22 -j ACCEPT
# allow ftp & ssh tcp from monet.op.net
ipchains -A input -p udp -d sh.undef.net 22 -j ACCEPT
# allow ssh udp from sh.undef.net
ipchains -A input -p udp -d monet.op.net 22 -j ACCEPT
# allow ssh udp from monet.op.net
ipchains -P input DENY
# change policy to default to deny all incoming connections
root@darxus:~$ ipchains -L
Chain input (policy DENY):
target prot opt source destination ports
ACCEPT tcp ------ localhost anywhere any -> any
ACCEPT udp ------ localhost anywhere any -> any
ACCEPT tcp ------ anywhere anywhere any -> 1024:65535
ACCEPT tcp ------ anywhere anywhere any -> auth
ACCEPT tcp ------ anywhere sh.undef.net any -> ftp:ssh
ACCEPT tcp ------ anywhere monet any -> ftp:ssh
ACCEPT udp ------ anywhere sh.undef.net any -> ssh
ACCEPT udp ------ anywhere monet any -> ssh
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
My definition of return connections:
root@darxus:~$ netstat -t -u -a -n
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 209.152.194.126:2508 209.152.193.3:22 ESTABLISHED
This is a connection from an ssh client on my machine to an ssh server on
a remote machine. The ssh port is 22. The port being used on my (client)
machine is 2508. I'm calling 2508 a return port. Is there a better term?
The range for these ports is 1024-65535. The colon in the above definition
means "and above".
Make any sense?
Anyway, with that, and doing a nmap localhost, I feel significantly more
secure.
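To make the "return connections" rule concrete, here is an added example (not from the original post) that models the input chain listed above as a first-match evaluator, the way ipchains walks it. The hostnames sh.undef.net and monet.op.net are taken from the post; the packets it evaluates are constructed samples.

```python
# Added example: a small first-match evaluator for the input chain above.
# It shows which packets the "--destination-port 1024:" rule accepts.

def parse_ports(spec):
    """Return (low, high) for an ipchains port spec: '22', '21:22', '1024:'."""
    if spec is None:            # no port given: any port matches
        return (0, 65535)
    lo, sep, hi = spec.partition(":")
    if not sep:
        return (int(lo), int(lo))
    return (int(lo), int(hi) if hi else 65535)   # trailing ':' = "and above"

# (target, proto, source, destination, dport spec), in the order added by -A.
# None means "not restricted" (ipchains' "anywhere"). Hostnames from the post.
INPUT_CHAIN = [
    ("ACCEPT", "tcp", "localhost", None, None),
    ("ACCEPT", "udp", "localhost", None, None),
    ("ACCEPT", "tcp", None, None, "1024:"),        # the "return port" rule
    ("ACCEPT", "tcp", None, None, "113"),          # ident
    ("ACCEPT", "tcp", None, "sh.undef.net", "21:22"),
    ("ACCEPT", "tcp", None, "monet.op.net", "21:22"),
    ("ACCEPT", "udp", None, "sh.undef.net", "22"),
    ("ACCEPT", "udp", None, "monet.op.net", "22"),
]
POLICY = "DENY"   # ipchains -P input DENY

def evaluate(proto, src, dst, dport, chain=INPUT_CHAIN, policy=POLICY):
    """First matching rule wins, as in ipchains; otherwise the chain policy."""
    for target, r_proto, r_src, r_dst, r_ports in chain:
        if r_proto != proto:
            continue
        if r_src is not None and r_src != src:
            continue
        if r_dst is not None and r_dst != dst:
            continue
        lo, hi = parse_ports(r_ports)
        if not lo <= dport <= hi:
            continue
        return target
    return policy

if __name__ == "__main__":
    # Reply traffic for the netstat session above: remote :22 -> local :2508
    print(evaluate("tcp", "209.152.193.3", "209.152.194.126", 2508))  # ACCEPT
    # The same rule accepts a brand-new inbound connection to any port >= 1024,
    # since it matches on destination port only, not on whether a session exists
    print(evaluate("tcp", "198.51.100.7", "209.152.194.126", 8080))   # ACCEPT
    print(evaluate("tcp", "198.51.100.7", "209.152.194.126", 80))     # DENY
```

The second result is the detail worth keeping in mind: any listening service on an unprivileged port is reachable under this chain, so the policy only protects ports below 1024 (plus whatever the explicit rules cover).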
I would like to have a couple of you people poke my machine a bit to see
if you can find any holes. Please let me know before you do so. My
current IP address is 209.152.194.126. If it changes, you can connect to
EFNet IRC & /whois Darxus.
I'd be especially interested in getting output from nmap & nmap -sU, as I
don't happen to have an extra Linux box networked to this one, and Daniel
mentioned that locally run nmap misses stuff.
I still need to do cops & find out what nessus is, but it's late for me.
__________________________________________________________________
PGP fingerprint = 03 5B 9B A0 16 33 91 2F A5 77 BC EE 43 71 98 D4
darxus@op.net / http://www.op.net/~darxus
Far Beyond Reason
_______________________________________________
Plug maillist - Plug@lists.nothinbut.net
http://lists.nothinbut.net/mail/listinfo/plug