
firewall advice

I changed the subject and started a new thread here.  Anyway . . .

Nicolas Boullis wrote:
> You should add the rule:

Thanks, those rules that I gave as an example are from my workstation which
has a 2.4 kernel installed.  I will add this connection tracking
stuff on my workstation.  But, my server has a 2.2 kernel installed
and from the man page, there doesn't seem to be connection tracking
in ipchains.  Correct?

>>> # Drop spoofed packets
>>> iptables -A INPUT -i eth0 -j DROP -s -d

>What about outgoing spoofed packets? They didn't get dropped in this
>at all. It's only a selfish half-hearted firewall if all it does is to
>protect yourself against incoming nasties; there's always a
>not to inflict dodgy packets on others, as much as possible.

OK, but how do you tell if a packet is spoofed going out?  I can tell
coming in by looking at the source address and the interface.

>>> iptables -A INPUT -i eth0 -j ACCEPT -p TCP -s --source-port
>>> domain #53
>>> iptables -A INPUT -i eth0 -j ACCEPT -p UDP -s --source-port
>>> domain #53
>"Hey! I'm a nice port, let me in!". 

You're right, I should probably change that to be the address of the DNS
server.  I'll also add connection tracking in my iptables script.  Is
there anything I can do in my ipchains script?


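The two open questions in the message above (how to spot a spoofed packet on the way out, and what to do on a 2.2 box without connection tracking) in script form. This is an added example, not code from the thread or from either poster: it emits the rules as text so they can be read before being applied, once for iptables (2.4) and once for ipchains (2.2). The layout is assumed and every address is a placeholder: eth0 faces the Internet with address 203.0.113.10, eth1 is the LAN 192.168.1.0/24, and 192.0.2.53 is the upstream resolver.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical layout, all placeholders:
# eth0 = Internet side (203.0.113.10), eth1 = LAN (192.168.1.0/24),
# 192.0.2.53 = the resolver this box actually queries.
WAN_IF=${WAN_IF:-eth0}
WAN_IP=${WAN_IP:-203.0.113.10}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
DNS_SERVER=${DNS_SERVER:-192.0.2.53}

iptables_rules() {
    # Incoming: a packet arriving from the Internet that claims a source on
    # our own LAN or on loopback cannot be genuine (source + interface check).
    echo "iptables -A INPUT -i $WAN_IF -s $LAN_NET -j DROP"
    echo "iptables -A INPUT -i $WAN_IF -s 127.0.0.0/8 -j DROP"
    # Outgoing: the same test turned around. A packet leaving on the Internet
    # interface is spoofed unless its source is one of OUR addresses, so
    # accept our sources and drop whatever is left. FORWARD sees LAN hosts'
    # packets before SNAT (source still in the LAN range); OUTPUT sees the
    # firewall's own packets, whose source must be the WAN address.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "iptables -A FORWARD -o $WAN_IF -j DROP"
    echo "iptables -A OUTPUT -o $WAN_IF -s $WAN_IP -j ACCEPT"
    echo "iptables -A OUTPUT -o $WAN_IF -j DROP"
    # Connection tracking: replies (UDP included) to queries this box sent are
    # accepted by state, so no blanket "source port 53 from anywhere" hole.
    echo "iptables -A INPUT -i $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

ipchains_rules() {
    # 2.2 has no connection tracking. Same anti-spoof checks; ipchains uses
    # DENY, lower-case chain names, and its output chain also sees forwarded
    # packets (after masquerading, so their source is already WAN_IP).
    echo "ipchains -A input -i $WAN_IF -s $LAN_NET -j DENY"
    echo "ipchains -A input -i $WAN_IF -s 127.0.0.0/8 -j DENY"
    echo "ipchains -A output -i $WAN_IF -s $WAN_IP -j ACCEPT"
    # Next line only matters if the LAN is routed rather than masqueraded.
    echo "ipchains -A output -i $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "ipchains -A output -i $WAN_IF -j DENY"
    # Closest substitute for state on 2.2: replies only from the resolver we
    # use, only from port 53, only to unprivileged ports, and for TCP only
    # non-SYN segments (! -y), so nobody can open a connection through the rule.
    echo "ipchains -A input -i $WAN_IF -p udp -s $DNS_SERVER 53 -d 0.0.0.0/0 1024:65535 -j ACCEPT"
    echo "ipchains -A input -i $WAN_IF -p tcp -s $DNS_SERVER 53 -d 0.0.0.0/0 1024:65535 ! -y -j ACCEPT"
}

# Print both rule sets for review; on the right box, pipe one set into sh as root.
iptables_rules
echo
ipchains_rules
```

The egress half answers the "how do you tell" question: on the way out you cannot look at where a packet came from, only at whether its source is an address this site legitimately owns, so the rule is an accept list of your own ranges followed by a drop. On 2.2 the source-port-53 rule stays, but pinned to the resolver's address, unprivileged destination ports and non-SYN TCP; that is as close to "established" as ipchains gets.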