comments about lokkit default script
Dear People,
I'm pretty new to packet filtering etc. I ran lokkit's simple
configuration utility, and it seems to work Ok with my computer. I don't
think I need an elaborate setup. I'm running my machine on Earthlink's
cable broadband (pretty basic setup) using DHCP, and am currently
disallowing all connections from outside, though I might open up an
ssh port at some point. The script is run as
/sbin/iptables -I INPUT -j RH-Lokkit-0-50-INPUT && /sbin/iptables -I
FORWARD -j RH-Lokkit-0-50-INPUT
in /etc/rc*, where the chain is defined (/in /etc/default/lokkit) by
#!/bin/sh
PATH=/sbin:$PATH
iptables -N RH-Lokkit-0-50-INPUT
iptables -F RH-Lokkit-0-50-INPUT
iptables -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.185
--sport 53 -d 0/0 -j ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.186
--sport 53 -d 0/0 -j ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.187
--sport 53 -d 0/0 -j ACCEPT
iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
At the moment, I just trying to understand what this chain does.
>From reading documentation, I see that the line
/sbin/iptables -I INPUT -j RH-Lokkit-0-50-INPUT && /sbin/iptables -I
FORWARD -j RH-Lokkit-0-50-INPUT
basically disallows new connections, but I got the impression that
this is not considered the best way to do this, as it is still
possible to make connections by using "malformed packets". Is this
still a good first approximation?
I can't get any information about ports using nmap, presumably because
it uses orthodox connection methods. Ping is still working, presumably
because I have not disallowed ICMP packets.
Are the lines
iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.18*
--sport 53 -d 0/0 -j ACCEPT
allowing through the DHCP connection? The 207.69.188.18* are
Earthlink servers, they look like nameservers.
Faheem.
Reply to: