
Re: default firewall/IDS that comes with DEBIAN




On Thu, Dec 21, 2006 at 06:52:24PM +0200, Andrei Popescu wrote:
> On Thu, Dec 21, 2006 at 09:25:44AM -0500, mutsuura wrote:
> > All
> > 
> > Another newbie question...
> > 
> > While browsing my auth.log file, I notice 'many' denial attacks.
> > 
> > Eg:...
> > 
> > Dec 17 12:25:37 h-66-166-247-242 sshd[21409]: Illegal user sara from 61.82.25.83
> > Dec 17 12:25:39 h-66-166-247-242 sshd[21412]: Illegal user robert from 61.82.25.83
> > Dec 17 12:25:41 h-66-166-247-242 sshd[21415]: Illegal user richard from 61.82.25.83
> > Dec 17 12:25:43 h-66-166-247-242 sshd[21418]: Illegal user party from 61.82.25.83
> > Dec 17 12:25:45 h-66-166-247-242 sshd[21420]: Illegal user amanda from 61.82.25.83
> > Dec 17 12:25:46 h-66-166-247-242 sshd[21423]: Illegal user rpm from 61.82.25.83
> > Dec 17 12:25:48 h-66-166-247-242 sshd[21426]: Illegal user operator from 61.82.25.83
> > Dec 17 12:25:50 h-66-166-247-242 sshd[21428]: Illegal user sgi from 61.82.25.83
> > Dec 17 12:25:54 h-66-166-247-242 sshd[21434]: Illegal user users from 61.82.25.83
> > Dec 17 12:25:56 h-66-166-247-242 sshd[21437]: Illegal user admins from 61.82.25.83
> > Dec 17 12:25:58 h-66-166-247-242 sshd[21439]: Illegal user admins from 61.82.25.83
> > Dec 17 12:26:08 h-66-166-247-242 sshd[21453]: Illegal user shutdown from 61.82.25.83
well, that is not the firewall, but the ssh daemon..
> > What default firewall/IDS does Debian come with following an initial install?
> > 
> > Note: during install I selected all major components and did not include any additional 
> > packages while installer was running aptitude.
> 
> AFAIK there is no default firewall.
> 
> I always recommend shorewall because it is very powerful, but pretty
> easy to set up. If you prefer a graphical one then firestarter is also a
> good choice.
well, for the typical home user, there is more than enough in the
default debian install...

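# default policy: drop everything inbound and everything forwarded
iptables -P INPUT DROP
iptables -P FORWARD DROP
# allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# allow replies to connections this host opened
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT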

that is normally enough, just put it into a script that gets executed on
interface activation...

(just put it in /etc/network/interfaces with pre-up) 

yours
albert
-- 
Albert Dengg <a_d@gmx.at>
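
Added example (not part of the original message): a shell/awk summary of the sshd "Illegal user" lines quoted above, grouped by source address, which makes it easy to see that the entries are one remote host guessing account names against sshd. The function names, the threshold argument and the last two sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original message. The function names and the
# threshold argument are assumptions; the log format is the one quoted above.

# Sample input: the first five lines are copied from the quoted post, the
# last two are constructed (192.0.2.10 is a documentation address).
sample_log() {
    cat <<'EOF'
Dec 17 12:25:37 h-66-166-247-242 sshd[21409]: Illegal user sara from 61.82.25.83
Dec 17 12:25:39 h-66-166-247-242 sshd[21412]: Illegal user robert from 61.82.25.83
Dec 17 12:25:56 h-66-166-247-242 sshd[21437]: Illegal user admins from 61.82.25.83
Dec 17 12:25:58 h-66-166-247-242 sshd[21439]: Illegal user admins from 61.82.25.83
Dec 17 12:26:08 h-66-166-247-242 sshd[21453]: Illegal user shutdown from 61.82.25.83
Dec 17 12:30:01 h-66-166-247-242 sshd[21500]: Illegal user x from 10.0.0.1 from 192.0.2.10
Dec 17 12:31:00 h-66-166-247-242 CRON[21510]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Usage: illegal_user_summary [MIN_ATTEMPTS] < auth.log
# Prints one line per source address that reached MIN_ATTEMPTS (default 5).
illegal_user_summary() {
    awk -v min="${1:-5}" '
        # Only sshd lines shaped "... Illegal user NAME from ADDR".
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Illegal" && $7 == "user" && $(NF-1) == "from" {
            # The name is chosen by the remote side and may contain spaces or
            # the word "from", so the address is read from the end of the line.
            addr = $NF; name = ""
            for (i = 8; i <= NF - 2; i++) name = name (i > 8 ? " " : "") $i
            stamp = $1 " " $2 " " $3
            if (!(addr in count)) first[addr] = stamp
            last[addr] = stamp
            count[addr]++
            if (!((addr, name) in seen)) { seen[addr, name] = 1; users[addr]++ }
        }
        END {
            for (a in count)
                if (count[a] >= min + 0)
                    printf "%s attempts=%d users=%d first=\"%s\" last=\"%s\"\n",
                           a, count[a], users[a], first[a], last[a]
        }
    ' | sort
}

sample_log | illegal_user_summary 5
```

Run against the real file with `illegal_user_summary 5 < /var/log/auth.log`; the repeated "admins" guess counts as two attempts but one distinct user name.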