TCLUG Archive
Re: [TCLUG:11306] Mediaone & bootpc
Callum Lerwick wrote:
>
> > > Mostly because I also use Skypoint and want to switch between 'em, but also
> > > because since I've had the two-way service (3 days), I've been port scanned
> > > 3 times, unsuccessfully telnet'ed to twice, etc, etc. The script kiddies
> > > seem to view Mediaone as fertile ground.
> >
> > Pardon my ignorance but how do you know that?
>
>
> # Setup Firewalling
> /sbin/ipchains -F
> /sbin/ipchains -P input ACCEPT
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -P output ACCEPT
> # block all access to privileged ports except the ones I want
> /sbin/ipchains -N nopriv
> /sbin/ipchains -A nopriv -p tcp -d 192.168.100.2 113 -j ACCEPT
> /sbin/ipchains -A nopriv -p tcp -d 192.168.100.2 80 -j ACCEPT
> /sbin/ipchains -A nopriv -p tcp -d 192.168.100.2 23 -j ACCEPT
> # /sbin/ipchains -A nopriv -p tcp -d 192.168.100.2 20:21 -j ACCEPT
> /sbin/ipchains -A nopriv -l -j REJECT
> /sbin/ipchains -A input -p tcp -d 192.168.100.2 0:1023 -j nopriv
> /sbin/ipchains -A input -p udp -d 192.168.100.2 0:1023 -j nopriv
> # ipmasq
> /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
That will work assuming you've got a one-way modem.
However, if you've got a two-way modem hooked to "eth1", you'll need something
more like:
#!/bin/ksh
#recover IP address
IPADDR=`ifconfig eth1 | grep "inet addr" | tr -s ":" " " | cut -d' ' -f4`
if [ "X$IPADDR" = "X" ]
then echo "Connection is down"
else # Setup Firewalling
/sbin/ipchains -F
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P forward DENY
/sbin/ipchains -P output ACCEPT
# block all access to privileged ports except the ones I want
/sbin/ipchains -N nopriv
/sbin/ipchains -A nopriv -p tcp -d $IPADDR 113 -j ACCEPT
/sbin/ipchains -A nopriv -p tcp -d $IPADDR 80 -j ACCEPT
/sbin/ipchains -A nopriv -p tcp -d $IPADDR 23 -j ACCEPT
# /sbin/ipchains -A nopriv -p tcp -d $IPADDR 20:21 -j ACCEPT
/sbin/ipchains -A nopriv -l -j REJECT
/sbin/ipchains -A input -p tcp -d $IPADDR 0:1023 -j nopriv
/sbin/ipchains -A input -p udp -d $IPADDR 0:1023 -j nopriv
# ipmasq
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
echo "1" > /proc/sys/net/ipv4/ip_forward
fi
-S
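An added example, not part of the thread: the `-l` on the REJECT rule in both scripts above is what makes "how do you know that?" answerable, since every packet that rule drops is written to the kernel log. The short script below reads such entries and reports, per source address, how many distinct blocked ports it touched, which separates a single stray connection from a port scan. The log lines and addresses are constructed for the example; the line layout follows the format ipchains logging uses (chain, verdict, interface, PROTO=, src:sport, dst:dport, ...), and the `nopriv` chain name matches the rules in the posted scripts.

```shell
#!/bin/sh
# Constructed sample of kernel log entries written by an ipchains rule
# carrying "-l" (format used by the 2.2 kernel). Addresses are made up.
SAMPLE_LOG='Packet log: nopriv REJECT eth1 PROTO=6 10.0.0.9:4010 192.0.2.5:21 L=60 S=0x00 I=1 F=0x4000 T=64 SYN (#5)
Packet log: nopriv REJECT eth1 PROTO=6 10.0.0.9:4011 192.0.2.5:22 L=60 S=0x00 I=2 F=0x4000 T=64 SYN (#5)
Packet log: nopriv REJECT eth1 PROTO=6 10.0.0.9:4012 192.0.2.5:25 L=60 S=0x00 I=3 F=0x4000 T=64 SYN (#5)
Packet log: nopriv REJECT eth1 PROTO=6 10.0.0.9:4013 192.0.2.5:110 L=60 S=0x00 I=4 F=0x4000 T=64 SYN (#5)
Packet log: nopriv REJECT eth1 PROTO=17 10.0.0.9:4014 192.0.2.5:111 L=40 S=0x00 I=5 F=0x0000 T=64 (#5)
Packet log: nopriv REJECT eth1 PROTO=6 198.51.100.7:33000 192.0.2.5:139 L=60 S=0x00 I=6 F=0x4000 T=64 SYN (#5)
Packet log: nopriv REJECT eth1 PROTO=6 198.51.100.7:33001 192.0.2.5:139 L=60 S=0x00 I=7 F=0x4000 T=64 SYN (#5)'

# Read log lines on stdin; print "source_ip distinct_ports packets" for
# every source that hit a REJECT rule.  Fields are located relative to
# the REJECT token, so a syslog timestamp/hostname prefix does not matter.
reject_summary() {
    awk '
        {
            for (i = 1; i <= NF; i++) if ($i == "REJECT") {
                split($(i + 3), s, ":")   # src:sport
                split($(i + 4), d, ":")   # dst:dport
                key = s[1] "," d[2]
                if (!(key in seen)) { seen[key] = 1; ports[s[1]]++ }
                total[s[1]]++
                break
            }
        }
        END { for (ip in total) print ip, ports[ip], total[ip] }
    ' | sort
}

# Sources that touched at least $1 distinct blocked ports: repeated knocks
# on one port are noise, a spread across many ports is the scan signature.
scan_sources() {
    reject_summary | awk -v min="$1" '$2 >= min { print $1 }'
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | reject_summary
printf '%s\n' "$SAMPLE_LOG" | scan_sources 3
```

In practice the input would be `grep 'Packet log:' /var/log/messages` rather than the embedded sample; the threshold is a local choice.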