TCLUG Archive

Re: [TCLUG:16507] Firewall
Jonathan Kline wrote:
> 
> What ipchains scripts does everyone use?

Well, the ultra-paranoid will do things like `ipchains -P input DENY'
which sets the default policy for incoming packets to DENY, and then
they start allowing certain services and things.  However, that can
cause problems, as you have to create a new rule to allow packets for
any services you may be running (in the strictest sense, ICQ is a
service -- it listens for incoming data on port 4000/tcp, and does some
strange udp wranglings..)

However, I think it is more common to go in the opposite direction.

You may be running a service that you only want a certain group of
people to see (i.e., your subnet).  One thing you can do is allow just
your subnet, or a certain group of computers to access a service, and
reject all others.  I personally run an IMAP server, but I block that
port to the outside world.  Only my own system and my Palm Pilot
(through a PPP link) can access the IMAP service.  Also, I run some
security software that automatically adds ipchains rules to block
computers that have tried to access my box in ways that I don't want
them to..

Recently, I've also taken to logging incoming TCP SYN packets and ICMP
echo-requests (pings).  Here at the U, I see other systems `knocking on
my door' every few days.  The most common requests that my box rejects
are those for domain name services, though that may just be the first
port checked among a list..

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   Microsoft gives you 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   Windows.  Linux gives  
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)  you the whole house. 
 [ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088@umn.edu ]
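The rules Mike describes, as an added example (this is not his script and not part of the TCLUG thread): default policy DENY on the input chain, IMAP reachable only from the local subnet and the Palm's PPP link with everyone else rejected, inbound SYNs and echo-requests logged before they are dropped, and a helper that inserts a per-host DENY the way his auto-blocking software would. The interface names, the 192.168.1.0/24 subnet, the PPP peer and the resolver address are constructed placeholders. ipchains is the Linux 2.2 tool; the script prints the rules by default (DRY_RUN) so it can be read and checked on any box, and only loads them when run as root with DRY_RUN unset.

```shell
#!/bin/sh
# Added example, not the poster's script: an ipchains (Linux 2.2) input-chain
# policy built the way the post describes.  Interface names and addresses
# below are constructed placeholders; change them for a real host.
LAN_IF=eth0                 # assumption: the campus/LAN side
LAN_NET=192.168.1.0/24      # assumption: "my subnet"
PPP_IF=ppp0                 # assumption: the Palm Pilot's PPP link
PPP_PEER=192.168.2.2        # assumption: the Palm's end of that link
DNS_SERVER=192.168.1.1      # assumption: the resolver this host queries
IMAP_PORT=143

# DRY_RUN=1 (the default) prints the rules instead of loading them, so the
# script can be read and checked anywhere; run with DRY_RUN= as root to apply.
DRY_RUN="${DRY_RUN-1}"

rule() {
    if [ -n "$DRY_RUN" ]; then
        printf 'ipchains %s\n' "$*"
    else
        ipchains "$@"
    fi
}

flush_and_deny() {
    # Default policy DENY: anything not matched by a later ACCEPT is dropped.
    rule -F input
    rule -P input DENY
}

allow_loopback() {
    rule -A input -i lo -j ACCEPT
}

allow_replies() {
    # ipchains keeps no connection state.  "! -y" accepts any TCP segment
    # that is not a bare SYN, i.e. replies to connections this host opened
    # (and, the caveat, ACK-only probes too).  UDP replies from the resolver
    # are admitted to the unprivileged port range.
    rule -A input -p tcp ! -y -j ACCEPT
    rule -A input -p udp -s "$DNS_SERVER" 53 -d 0/0 1024:65535 -j ACCEPT
}

restrict_imap() {
    # IMAP is reachable only from the LAN and the Palm's PPP peer; everybody
    # else is REJECTed (ICMP port-unreachable) and logged.
    rule -A input -p tcp -i "$LAN_IF" -s "$LAN_NET" -d 0/0 "$IMAP_PORT" -j ACCEPT
    rule -A input -p tcp -i "$PPP_IF" -s "$PPP_PEER" -d 0/0 "$IMAP_PORT" -j ACCEPT
    rule -A input -p tcp -d 0/0 "$IMAP_PORT" -l -j REJECT
}

log_probes() {
    # -l logs the packet via the kernel log before the target applies.
    # Every remaining inbound SYN and every echo-request is logged and
    # dropped; other ICMP (unreachables, time-exceeded) is still accepted.
    rule -A input -p tcp -y -l -j DENY
    rule -A input -p icmp --icmp-type echo-request -l -j DENY
    rule -A input -p icmp -j ACCEPT
}

block_host() {
    # The kind of rule an intrusion-blocking tool adds on the fly: insert at
    # position 1 so it wins over every ACCEPT below it.
    rule -I input 1 -s "$1" -j DENY
}

build_firewall() {
    flush_and_deny
    allow_loopback
    allow_replies
    restrict_imap
    log_probes
}

build_firewall
```

Order matters in ipchains because the first matching rule wins: the IMAP ACCEPTs must sit above the blanket logged SYN DENY, and block_host uses -I at position 1 for the same reason. The "! -y" rule is the weak spot of any stateless ruleset: it lets ACK-only scans reach the stack, which is one of the things the stateful filter in later kernels fixed.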