
Re: your mail



On Thu, Jun 28, 2001 at 08:50:49AM +0200, Michael Wood wrote:

> On Thu, Jun 28, 2001 at 01:32:50PM +0700, Abu H R wrote:
> > I have tried using echo "0" > /proc/sys/net/ipv4/ip_forward
> > and after that the abuser is stopped, but it also stops the
> > other clients from using Outlook Express.
> 
> Then you will need to set up some firewalling (packet filtering)
> rules on your box.
> 
> e.g. Assuming you're using kernel 2.2.x here's a very simple and
> very open firewall configuration:
> 
> # define constants
> ABUSER=192.168.0.123/32
> MAILSERVER=10.0.0.1/32
> 
> # set the default policy
> ipchains -P input ACCEPT
> ipchains -P forward ACCEPT
> ipchains -P output ACCEPT

I suggest that ACCEPT as the default policy may become extremely dangerous
if the firewall script doesn't run completely. I'd say that the default policy
should be DENY or REJECT, and the following few lines should be placed before
the default policies.

> 
> # clear old rules
> ipchains -F
> ipchains -X
> 
> # allow anybody to connect to the mail server (SMTP/POP3/IMAP)
> ipchains -A input -p tcp -d ${MAILSERVER} 25 -j ACCEPT
> ipchains -A input -p tcp -d ${MAILSERVER} 110 -j ACCEPT
> ipchains -A input -p tcp -d ${MAILSERVER} 143 -j ACCEPT
> 
> # don't allow the abuser to do anything else
> ipchains -A input -p tcp -s ${ABUSER} -j REJECT
> 
> You might benefit from reading the Linux Network Admin Guide
> (the NAG) available from http://www.linuxdoc.org/ (or install
> the ldp-nag package.)  Also, read the firewall related HOWTOs
> from http://www.linuxdoc.org/

Just another remark: there's a -l option in ipchains. It is a good idea
to log specific attempts (unprivileged-port attacks). That would look like this:

ipchains -A input -p tcp -s any/0 1024:65535 -d $YOURSERVER 1024:65535 -j DENY -l

Ferenc Raffael
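An added example, not part of the thread above: the two remarks (flush before
setting the policy, default DENY on input, log with -l) folded into one
ipchains script for a 2.2.x kernel. The addresses are placeholders assumed
for illustration, the loopback rule and the "! -y" rule for established
connections are my additions (the thread does not mention them), and the
forward and output chains are left at ACCEPT because the thread gives no
rules for forwarded traffic. The functions print the commands instead of
running them, so the ruleset can be reviewed first and then applied with
"fw_rules | sh".

```shell
#!/bin/sh
# Added example (not from the original thread): default-deny ipchains ruleset.
# Assumptions: kernel 2.2.x with ipchains; the three addresses are placeholders.

ABUSER=${ABUSER:-192.168.0.123/32}
MAILSERVER=${MAILSERVER:-10.0.0.1/32}
YOURSERVER=${YOURSERVER:-10.0.0.1/32}

# Print the ruleset in a safe order: flush while the old policy still applies,
# then DENY by default, then the explicit ACCEPTs.  If the script dies halfway,
# the box is closed rather than wide open.
fw_rules() {
    # 1. clear old rules (before the policy, as suggested in the thread)
    echo "ipchains -F"
    echo "ipchains -X"
    # 2. default policy: the input chain drops whatever no later rule accepts
    echo "ipchains -P input DENY"
    echo "ipchains -P forward ACCEPT"
    echo "ipchains -P output ACCEPT"
    # 3. loopback must keep working (my addition, not in the thread)
    echo "ipchains -A input -i lo -j ACCEPT"
    # 4. anybody may connect to the mail server (SMTP/POP3/IMAP)
    for port in 25 110 143; do
        echo "ipchains -A input -p tcp -d ${MAILSERVER} ${port} -j ACCEPT"
    done
    # 5. the abuser gets nothing else
    echo "ipchains -A input -p tcp -s ${ABUSER} -j REJECT"
    # 6. non-SYN packets to unprivileged ports are replies to connections this
    #    box opened; accept them (my addition).  UDP/ICMP would need own rules.
    echo "ipchains -A input -p tcp ! -y -d ${YOURSERVER} 1024:65535 -j ACCEPT"
    # 7. what is left aimed at unprivileged ports is a new connection: log + deny
    echo "ipchains -A input -p tcp -s any/0 1024:65535 -d ${YOURSERVER} 1024:65535 -j DENY -l"
}

# Read a generated ruleset from stdin and check the two properties the thread
# cares about: the flush happens before the input policy is set, and the input
# policy is not ACCEPT.  Returns 0 when both hold, 1 otherwise.
fw_check() {
    rules=$(cat)
    flush_line=$(printf '%s\n' "$rules" | grep -n 'ipchains -F' | cut -d: -f1 | head -n1)
    policy_line=$(printf '%s\n' "$rules" | grep -n 'ipchains -P input' | cut -d: -f1 | head -n1)
    [ -n "$flush_line" ] && [ -n "$policy_line" ] && [ "$flush_line" -lt "$policy_line" ] || return 1
    printf '%s\n' "$rules" | grep -q 'ipchains -P input ACCEPT' && return 1
    return 0
}

# Usage: review, verify, then apply.
#   fw_rules
#   fw_rules | fw_check && fw_rules | sh
```

Because the policy is DENY, every service the box itself must reach (DNS
replies over UDP, for instance) needs its own ACCEPT rule before the script
is put in place; the example only covers the TCP traffic the thread talks
about.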


