
Re: newbie firewall recommendation
Richard Cochinos <richard@theory.org> writes:

> What I did first was to drop all defaults installed:
> iptables -P INPUT DROP
>
> Then I edited to allow ports I want open:
> iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Sounds like a good plan.

> I followed the same guideline for OUTPUT, so my tables look something
> like:
> iptables -L INPUT
> Chain INPUT (policy ACCEPT)

This is the problem: if you set the policy to DROP, why does it report
a default of ACCEPT?

That is why you see all those ports open in nmap.
Go ahead, try to telnet into those ports; you'll see them open.

My strategy is somewhat different; I do something like this at home:

iptables -A INPUT -p tcp --syn --destination-port 22 -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP

Dropping all the SYNs other than 22 means no connections except to ssh.

A third method you may wish to consider, if you don't want people
connecting to your ntp or discard port or whatever, is some
strategic editing of inetd.conf and running dpkg --purge to get
rid of those services.

As a totally unrelated note, this is my first attempt at posting via 
the GMANE server, this will be interesting...
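The two approaches in this thread, the quoted "default policy DROP" and the reply's "accept SYN to 22, drop every other SYN", can be combined in one small script. The script below is an added example written for this page; it is not the poster's or the replier's own script. It assumes iptables with the conntrack match is available and that ssh on tcp/22 (overridable via SSH_PORT, a hypothetical variable) is the only inbound service wanted. Without APPLY=1 it only prints the commands it would run; with APPLY=1 as root it loads them and then checks the exact symptom the reply points at, an INPUT chain whose listing still says "policy ACCEPT".

```shell
#!/bin/sh
# Added example, not part of the original mailing-list post.
# Builds a minimal INPUT rule set and verifies that the chain policy
# really is DROP afterwards (the discrepancy discussed in the thread).
# Assumption: iptables with -m conntrack is present; ssh is the only
# service that should be reachable from outside.

SSH_PORT="${SSH_PORT:-22}"   # hypothetical override; defaults to 22

# Emit the rule set, one iptables command per line, without running it.
build_rules() {
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --syn --dport ${SSH_PORT} -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
}

# Load the rules; stops at the first failing command (needs root).
apply_rules() {
    build_rules | sh -e
}

# Read "iptables -L CHAIN" output on stdin and succeed only when the
# chain header reports "policy DROP". Constructed header lines such as
# "Chain INPUT (policy ACCEPT)" make it fail, which is the thread's bug.
check_policy() {
    chain="$1"
    grep -q "^Chain ${chain} (policy DROP)"
}

if [ "${APPLY:-0}" = "1" ]; then
    apply_rules
    if iptables -L INPUT -n | check_policy INPUT; then
        echo "INPUT policy is DROP" >&2
    else
        echo "WARNING: INPUT policy is not DROP, re-check 'iptables -P INPUT DROP'" >&2
    fi
else
    build_rules
fi
```

Two design notes. The explicit "--syn -j DROP" is redundant once the policy is DROP, but keeping it means the host stays closed even if the policy is later reset to ACCEPT, which is precisely the state the quoted listing showed. The ESTABLISHED,RELATED rule matters as soon as the policy is DROP: without it the replies to the machine's own outgoing connections are dropped too, and the same applies to an OUTPUT chain with a DROP policy.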