[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: firewall

Tom Breza <tom@PCService-NET.co.uk> writes:

> I been installing firewall on iptables, and I have few questions,
> my situation is beet specyfic
> I am connecetd to internet somthing like this
> my network|-------+eth0  Router  ppp0+----+ISP Firewall+------INTERNET
>           |       |with iptables     |	
> I put the firwall on iptables on router, Linux box with debian but I can
> scan only via nmap from inside network or from router interfaces ppp0 to
> see what ports I have open,

If you've had a box live on the Net with portmap, DNS and lpd listening
wide for all to scan, I'd seriously worry about it being cracked already. A
machine running these services is not a firewall. (No, I don't care about
it only being on the end of a ppp dialup link; I've connected to an ISP for
the first time ever and had a scan within 30s, to a dynamic IP block; you
may now panic, or more profitably, audit your machine.)

In any case, you don't want to go around `closing ports' left right &
centre: that is no way to build a firewall policy either. DROP all by
default, and open what you need.

For further reading, look at the comp.os.linux.security FAQ at
<http://www.linuxsecurity.com/docs/colsfaq.html>, and indeed all the
resources at <http://www.linuxsecurity.com/> and
ObPlug: my iptables.sh start-point for a firewall is to be found at

Bagpuss gave a big yawn,                    |piglet@stirfried.vegetable.org.uk
and settled down to sleep.                  |http://spodzone.org.uk/

Reply to: