
Re: Firewall Setup



On Aug 1, 2011, at 2:56 PM, Paul Stuffins wrote:

> I am trying to set iptables up, but am getting into a right mess editing the rules direct in the init script.
> 
> What are people's recommendations of a front end, either one that I can run via an Apache VirtualHost, obviously on a secured and locked down VirtualHost so that only I can access it, or via SSH.


What I did was a lot of work up front, but a lot less out back...

I wrote a huge shell script that creates the whole thing. 

INPUT:

> root@server:/etc/ipfilterfiles# pfil status INPUT
> 
>    Running on host: server.slsware.dmz
> 
>       --- FILTER table---
> 
> Chain INPUT (policy DROP 0 packets, 0 bytes)
> num   pkts bytes target     prot opt in     out     source               destination         
> 1    35662 9574K ACCEPT     all  --  lo     *       127.0.0.1            0.0.0.0/0           
> 2      112  9916 ACCEPT     all  --  lo     *       192.168.2.218        0.0.0.0/0           
> 3      135  6216 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID reject-with icmp-port-unreachable 
> 4    9458K  502M IDS_BLK    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 5    9458K  502M TMP_BLK    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 6    9407K  500M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
> 7        0     0 ACCEPT     all  -f  *      *       0.0.0.0/0            0.0.0.0/0           
> 8        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 
> 9       87  7308 ACCEPT     all  --  tun+   *       0.0.0.0/0            192.168.0.204       
> 10   50590 2850K NUISANCES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 11   50590 2850K SPOOFQ     all  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 12   12874  834K UDPIN      udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 13   30513 1813K TCPIN      tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
> 14    7203  202K ICMP_CHK   icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
> 15       0     0 IGMP_CHK   2    --  *      *       0.0.0.0/0            0.0.0.0/0           
> 16       7   360 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
> 17       0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           /* Loaded Sun Jun 19 07:07:21 MDT 2011 */ 
> 


INPUT, for example, does a little filtering to get rid of IDS and MS noise and spoofs and stuff, then splits on TCP/UDP/ICMP/etc. into locally created chains. In these chains the packets are processed by port number -- traffic to port 24 has another chain full of spammers I've seen in the last month or so, and so forth.

The main program has some utilities in it to modify the chains. ssh is a good tool for getting to it.

You only have to do it once...

-- 
Glenn English
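A script along the lines Glenn describes, as an added example (it is not his script): it emits the *filter table in iptables-restore format with the same INPUT layout as the listing above (INVALID reject, the IDS_BLK/TMP_BLK blocklist chains, ESTABLISHED accept, the bare-SYN check, then NUISANCES/SPOOFQ and per-protocol dispatch to TCPIN/UDPIN/ICMP_CHK). The interface name, the LAN prefix and the ports opened in the per-protocol chains are assumptions.

```shell
# Emits a *filter table in iptables-restore(8) format with the chain layout of the
# INPUT listing above (constructed example; ports and LAN prefix are assumptions).
emit_ruleset() {
    lan_if="${1:-eth0}"   # assumption: the inside (LAN) interface
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:IDS_BLK - [0:0]
:TMP_BLK - [0:0]
:NUISANCES - [0:0]
:SPOOFQ - [0:0]
:UDPIN - [0:0]
:TCPIN - [0:0]
:ICMP_CHK - [0:0]
# 1-2: loopback traffic
-A INPUT -i lo -j ACCEPT
# 3: connection-tracking garbage is rejected outright
-A INPUT -p tcp -m conntrack --ctstate INVALID -j REJECT --reject-with icmp-port-unreachable
# 4-5: blocklists live in their own chains so they can be flushed independently
-A INPUT -j IDS_BLK
-A INPUT -j TMP_BLK
# 6: replies to connections already accepted; 7 (accept fragments) is omitted, conntrack reassembles them first
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# 8: a new TCP connection must open with a bare SYN ("tcp flags:!0x17/0x02" in the listing)
-A INPUT -p tcp ! --syn -j DROP
# 10-15: noise and spoofed sources, then per-protocol dispatch
-A INPUT -j NUISANCES
-A INPUT -j SPOOFQ
-A INPUT -p udp -j UDPIN
-A INPUT -p tcp -j TCPIN
-A INPUT -p icmp -j ICMP_CHK
# 16: whatever nothing above accepted is rejected explicitly
-A INPUT -j REJECT --reject-with icmp-port-unreachable
# SPOOFQ: a private source address arriving on an outside interface cannot be genuine (assumed LAN 192.168.0.0/16)
-A SPOOFQ ! -i ${lan_if} -s 192.168.0.0/16 -j DROP
# NUISANCES: MS NetBIOS chatter, dropped silently so it does not clutter the logs
-A NUISANCES -p udp --dport 137:139 -j DROP
# per-protocol chains accept what is wanted; anything else returns to INPUT and hits the REJECT
-A TCPIN -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A UDPIN -p udp --dport 123 -j ACCEPT
-A ICMP_CHK -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
COMMIT
EOF
}
# number of rules in the top-level INPUT chain, for a sanity check of the generated file
count_input_rules() { emit_ruleset "$@" | grep -c '^-A INPUT '; }
# usage: emit_ruleset eth0 > /etc/iptables.rules && iptables-restore < /etc/iptables.rules
```

Loading through iptables-restore applies the whole table atomically, so a typo in one rule leaves the previous rule set in place instead of half a new one.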
