
Re: Iptables question(s)



Hi

This is not an answer to your problems :) but might help to make
your setup slightly more secure.

On Wed, Jul 18, 2001 at 07:45:44PM -0600, Stefan Srdic wrote:
[snip]
> # Load IPTables module (s)
> 
> depmod -a
> modprobe ip_tables
> 
> #Clear the table, delete user defined chains, prep for a new ruleset.
> 
> iptables -F
> iptables -X
> iptables -P INPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -P OUTPUT ACCEPT
[snip]

At this point your box is wide open.  If your network interfaces
are up at this point, you are not blocking anything.  i.e. there
is a small window of opportunity for someone to do something
nasty.

You might consider doing this sort of thing:

# Set policy to DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Clear out old rules
iptables -F
iptables -X

# Each line of the script up to here closes the firewall more
# than it was before the script started running.

# At this point, fw is completely closed.

# Specify the rules you want
iptables -A blah blah blah
[...]

# Right at the end, set policy to what you really want (or leave
# this out if you want your policy to be DROP anyway.)
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

Hope that helps.

-- 
Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies
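A fuller version of the close-first ordering described above, as an added example that is not part of Michael's message or of any project. The external interface name eth0, the ssh and state-match rules are assumptions chosen to make the script runnable; pointing IPT at a printing function gives a dry run that lets you inspect the command order without root.

```shell
#!/bin/sh
# Close-first firewall script (added example, not from the original mail).
# IPT can be overridden (e.g. IPT=my_printer) for a dry run that only prints.
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"   # assumed external interface name

apply_firewall() {
    # 1. Close everything first: default policies DROP before any flush,
    #    so there is no window where the box is wide open.
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT DROP

    # 2. Now flush old rules and user chains; the policy is still DROP.
    "$IPT" -F
    "$IPT" -X

    # 3. Add the rules you actually want (assumed set, for illustration).
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A OUTPUT -o lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -i "$WAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    "$IPT" -A OUTPUT -j ACCEPT
    "$IPT" -A INPUT -j LOG --log-prefix "fw-drop: "

    # 4. Policies are left as DROP; no closing "-P ... ACCEPT" lines.
}

# check_order: given the emitted command list (one command per line),
# verify that setting a DROP policy happens before the first flush.
check_order() {
    drop_line=$(printf '%s\n' "$1" | grep -n -- '-P INPUT DROP' | head -n 1 | cut -d: -f1)
    flush_line=$(printf '%s\n' "$1" | grep -n -- '^-F$' | head -n 1 | cut -d: -f1)
    [ -n "$drop_line" ] && [ -n "$flush_line" ] && [ "$drop_line" -lt "$flush_line" ]
}

# Only touch the live firewall when explicitly asked: ./fw.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_firewall
fi
```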