Re: default firewall/IDS that comes with DEBIAN
On Thu, Dec 21, 2006 at 06:23:55PM +0100, Albert Dengg wrote:
> On Thu, Dec 21, 2006 at 06:52:24PM +0200, Andrei Popescu wrote:
> > On Thu, Dec 21, 2006 at 09:25:44AM -0500, mutsuura wrote:
> > > All
> > >
> > > Another newbie question...
> > >
> > > While browsing my auth.log file, I notice 'many' denial attacks.
> > >
> > > Eg:...
> > >
> > > Dec 17 12:25:37 h-66-166-247-242 sshd[21409]: Illegal user sara from 61.82.25.83
>
> > AFAIK there is no default firewall.
> >
> > I always recommend shorewall because it is very powerful, but pretty
> > easy to set up. If you prefer a graphical one then firestarter is also a
> > good choice.
> well, for the typical home user, there is more than enough in the
> default debian install...
>
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>
> that is normally enough, just put it into a script that gets executed on
> interface activation...
Or just install ipmasq (does ipmasquerade and a generic firewall). Note
however, that a firewall is just a last step. You should set ssh to NOT
listen to a public interface unless you need that.
Doug.
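
Added example, not part of the original thread: a small Python summarizer for auth.log entries like the one quoted at the top, counting rejected login names per source address. It also accepts the "Invalid user ... port N" wording of later OpenSSH releases; every sample line except the first is constructed, and the threshold of 3 is an assumption.

```python
import re
from collections import defaultdict

# Syslog header, then the sshd message. The user field is greedy and the
# address is taken from the end of the line, because a submitted user name
# may itself contain spaces.
PATTERN = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: "
    r"(?:Illegal|Invalid) user (?P<user>.*) from (?P<ip>\S+?)(?: port \d+)?$"
)

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = """\
Dec 17 12:25:37 h-66-166-247-242 sshd[21409]: Illegal user sara from 61.82.25.83
Dec 17 12:25:40 h-66-166-247-242 sshd[21411]: Illegal user admin from 61.82.25.83
Dec 17 12:25:43 h-66-166-247-242 sshd[21413]: Illegal user test from 61.82.25.83
Dec 17 12:31:02 h-66-166-247-242 sshd[21450]: Invalid user guest from 192.0.2.44 port 40112
Dec 17 12:40:10 h-66-166-247-242 sshd[21460]: Illegal user a b from 198.51.100.9
Dec 17 12:45:00 h-66-166-247-242 sshd[21470]: Accepted password for alice from 192.168.1.5 port 4022 ssh2
"""


def summarize(lines, threshold=3):
    """Map each source address with >= threshold rejected logins to its
    attempt count and the sorted list of user names it tried."""
    attempts = defaultdict(int)
    users = defaultdict(set)
    for line in lines:
        m = PATTERN.match(line.rstrip("\n"))
        if not m:
            continue  # not an unknown-user rejection from sshd
        attempts[m["ip"]] += 1
        users[m["ip"]].add(m["user"])
    return {
        ip: {"attempts": n, "users": sorted(users[ip])}
        for ip, n in attempts.items()
        if n >= threshold
    }


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG.splitlines()).items():
        names = ", ".join(info["users"])
        print(f"{ip}: {info['attempts']} attempts, users tried: {names}")
```

To run it against a real log, pass an open file instead of the sample, e.g. `summarize(open("/var/log/auth.log"))`.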