
Re: IPtables bash script



Thanks for the clarification : )  And you didn't confuse the two
explicitly, but I wasn't sure if you were advising allowing NEW,RELATED /
NEW,ESTABLISHED or ESTABLISHED,RELATED on outbound packets, but now I
know.

I have read through quite a few manuals and online forums, although no
RFCs... I'm not even really sure I know what they are, haha. I have
configured myself pretty well, editing PAM and my sysctl.conf file
rigorously, BIOS passwording and denying USB boots without admin
access to the BIOS, as well as other various activities including
attempting to configure SELinux, which is nigh impossible to do and
have it have any effect on Jessie right now, at least as far as I and
someone else could find.

I have noticed that DROP on INVALID first actually drops more packets
than simply allowing ESTABLISHED,RELATED... does this imply a packet
can have more than one state??

On Mon, May 23, 2016 at 5:20 PM, Einhard Leichtfuß <el@respiranto.de> wrote:
> On 2016-05-23 22:32, Ralph Sanchez wrote:
>> On Mon, May 23, 2016 at 4:13 PM,  <deb023@respiranto.de> wrote:
>>> On 2016-05-23 19:54, Ralph Sanchez wrote:
>>>> Yes, this is a personal laptop. If you notice, I have default POLICY
>>>> as DROP, which means if I don't accept on ports 80 and 443 I can't
>>>> accept HTTPS and HTTP, correct? I'm still learning how all this works,
>>>> but that's what it seemed to me and was explained in other guides and
>>>> tutorials I needed to do. And if I don't ACCEPT there, I don't get any
>>>> web pages whatsoever, so.
>>> Whenever you perform an HTTP(S) request, the response should be treated
>>> as RELATED, hence allowing all RELATED inbound traffic should suffice.
>>
>> So, would it be better to not base any outgoing connections on
>> stateful connections and simply just allow it via port, since either
>> way the port is going to allow both wanted traffic and possible
>> subversion, if malicious software passed the input? Or maybe put the
>> 443 ACCEPT before the stateful filtering, and only allow established
>> state?
> As I said, I would simply allow all RELATED (and ESTABLISHED btw.)
> in- and outbound connections. I might have mixed up RELATED and ESTABLISHED
> a little in the former emails, by the way. Apart from that, you may
> block as much as you want. And I would suggest blocking any other INPUT
> (except for icmp (possibly partly) and lo). But again, if you really
> want to secure your box, take the time to thoroughly read a few manuals
> and possibly even a few RFCs.
>>
>>
>>>> Thanks for the Advice on NEW, I haven't seen much said about it so
>>>> I'll take that advice and just enable RELATED as well, considering
>>>> that solves the biggest problem I had as far as still accessing the
>>>> web.
>>>>
>>>> And as far as blocking outbound, I just don't see any reason to allow
>>>> any more data in or out at any moment than is absolutely needed, and
>>>> it should help mitigate some malicious software calling home even if
>>>> it does get through into my system.
>>> It could still connect via 80,443. However, you are right, your setup
>>> will block those malicious pieces of software that do not try to use
>>> those (and that do not gain root rights).
>>
>> Yeah, I wasn't sure whether I should leave those options in or just go
>> off stateful... see previous statement.  Also, if something gains root
>> rights in my system, then I've got more problems than a faulty
>> firewall.
>>
>>>> Thanks for the reading, that's where I'm heading now : )
>>

