
firewall advice



I changed the subject and started a new thread here.  Anyway . . .

Nicolas Boullis wrote:
> You should add the rule:
>
> $IPTABLES -A INPUT -j ACCEPT -i eth0 -m state --state ESTABLISHED,RELATED

Thanks, those rules that I gave as an example are from my workstation which
has 2.4 kernel installed.  I will add this connection tracking
stuff on my workstation.  But, my server has a 2.2 kernel installed
and from the man page, there doesn't seem to be connection tracking
in ipchains.  Correct?

>>> # Drop spoofed packets
>>> iptables -A INPUT -i eth0 -j DROP -s 192.168.1.3 -d 0.0.0.0/0

> What about outgoing spoofed packets? They didn't get dropped in this
> script at all. It's only a selfish half-hearted firewall if all it does
> is to protect yourself against incoming nasties; there's always a
> responsibility not to inflict dodgy packets on others, as much as possible.

OK, but how do you tell if a packet is spoofed going out?  I can tell
coming in by looking at the source address and the interface.

>>> iptables -A INPUT -i eth0 -j ACCEPT -p TCP -s 0.0.0.0/0 --source-port domain #53
>>> iptables -A INPUT -i eth0 -j ACCEPT -p UDP -s 0.0.0.0/0 --source-port domain #53
> "Hey! I'm a nice port, let me in!".
>
> Oops.

You're right, I should probably change that to be the address of the DNS
server.  I'll also add connection tracking in my iptables script.  Is
there anything I can do in my ipchains script?

-- 
http://www.torrin.net
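For the two points raised above (how to tell an outgoing packet is spoofed, and where the connection-tracking rule fits), here is an added shell example that is not part of the thread. It assumes the host is 192.168.1.3 on eth0, as in the quoted rules, and for the router variant a LAN of 192.168.1.0/24 (an assumption).

```shell
#!/bin/sh
# Added example, not from the thread. An outgoing packet is "spoofed" when
# its source address is not one of ours; the functions below make that
# decision and emit the matching iptables rules.
# Constructed assumptions: this host is 192.168.1.3 on eth0 (from the
# thread); the router variant protects an assumed LAN of 192.168.1.0/24.
HOST_ADDR=192.168.1.3
LAN_NET=192.168.1.0/24
EXT_IF=eth0

# ip_to_int 192.168.1.3 -> 3232235779 (dotted quad as one integer)
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net ADDR CIDR -> exit status 0 when ADDR lies inside CIDR
# (a bare address with no /bits is treated as a single host, /32).
in_net() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# egress_verdict SRC OURS -> what the egress rule does to a packet with
# source SRC leaving EXT_IF: ACCEPT if SRC belongs to OURS, else DROP.
# Unlike the inbound check, the interface alone tells you nothing here;
# the only test is "does this source address belong to us?"
egress_verdict() {
    if in_net "$1" "$2"; then echo ACCEPT; else echo DROP; fi
}

# The same decision as 2.4 (iptables) rules. OUTPUT covers packets this
# host generates; FORWARD covers packets it routes for the LAN. The
# ESTABLISHED,RELATED rule from the thread goes ahead of per-service
# ACCEPTs so replies are matched by connection state, not by a
# friendly-looking source port such as 53.
egress_rules() {
    cat <<EOF
iptables -A OUTPUT  -o $EXT_IF ! -s $HOST_ADDR -j DROP
iptables -A FORWARD -o $EXT_IF ! -s $LAN_NET -j DROP
iptables -A INPUT   -i $EXT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}
```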