understanding packet filtering
Hi,

I am trying to understand packet filtering and I am lost in what I am reading. Quoting from page 217 of Building Internet Firewalls on allowing inbound and outbound SMTP and nothing else as the example. It says as follows:

Rule  Direction  Source  Dest  Proto  Destport  Action
======================================================
A     in         Ext     Int   tcp    25        Permit
B     out        Int     Ext   tcp    >1023     Permit
C     out        Int     Ext   tcp    25        Permit
D     in         Ext     Int   tcp    >1023     Permit
E     Either     any     any   any    any       Deny

Now based on the explanations I came up with these ipchains rules, but I am not sure if they are correct or not:

IPC=/sbin/ipchains
$IPC -P Deny -l
$IPC -A in -s Ext -d Int -p tcp --sport 1023: --dport 25 -j ACCEPT
$IPC -A out -s Int -d Ext -p tcp --sport 25 --dport 1023: -y -j ACCEPT
$IPC -A out -s Int -d Ext -p tcp --sport 1023: --dport 25 -j ACCEPT
$IPC -A in -s Ext -d Int -p tcp --sport 25 --dport 1023: -y -j ACCEPT
$IPC -b -s 0/0 -d 0/0 -j DENY

Am I on the right track or completely away?

TIA
--
Togan Muftuoglu
Well, you're essentially right. Except that Ext and Int should be replaced by the corresponding subnets (i.e. int = <your internal subnet> and ext = ! <your internal subnet>) and the last rule is achieved by your policies, which should read

ipchains -P input DENY

and

ipchains -P output DENY

-I is for inserting rules into a chain. It can't be used in policy statements.

Also, things here are case sensitive, so Deny should be DENY.

Also, in should be input, and out should be output.

The fourth rule also looks suspect. Why would you allow SYN packets to a high port if you only want SMTP? That should probably be ! -y

Apart from that, it looks OK to me.

Regards
Anders

On Sunday 10 June 2001 15:27, Togan Muftuoglu wrote:
Hi,
I am trying to understand packet filtering and I am lost in what I am reading. Quoting from page 217 of Building Internet firewalls on allowing inbound and outbound SMTP and nothing else as the example.
It says as follows
Rule  Direction  Source  Dest  Proto  Destport  Action
======================================================
A     in         Ext     Int   tcp    25        Permit
B     out        Int     Ext   tcp    >1023     Permit
C     out        Int     Ext   tcp    25        Permit
D     in         Ext     Int   tcp    >1023     Permit
E     Either     any     any   any    any       Deny

Now based on the explanations I came up with these ipchains rules, but I am not sure if they are correct or not:

IPC=/sbin/ipchains
$IPC -P Deny -l
$IPC -A in -s Ext -d Int -p tcp --sport 1023: --dport 25 -j ACCEPT
$IPC -A out -s Int -d Ext -p tcp --sport 25 --dport 1023: -y -j ACCEPT
$IPC -A out -s Int -d Ext -p tcp --sport 1023: --dport 25 -j ACCEPT
$IPC -A in -s Ext -d Int -p tcp --sport 25 --dport 1023: -y -j ACCEPT
$IPC -b -s 0/0 -d 0/0 -j DENY

Am I on the right track or completely away?
TIA
Anders Johansson wrote:
Well, you're essentially right. Except that Ext and Int should be replaced by the corresponding subnets (i.e. int = <your internal subnet> and ext = ! <your internal subnet>) and the last rule is achieved by your policies
Yeap
which should read
ipchains -P input DENY
and
ipchains -P output DENY
-I is for inserting rules into a chain. It can't be used in policy statements
Also, things here are case sensitive, so Deny should be DENY
Oops, that is a typo.
Also, in should be input, and out should be output
Thanks for reminding me (I just wanted to make sure the example's syntax is followed for ease of understanding on my side).
The fourth rule also looks suspect. Why would you allow SYN packets to a high port if you only want SMTP? That should probably be ! -y
Now this is the part I am lost on, frankly speaking. On page 221 of the book it says to consider the ACK bit also as a criterion. So based on your explanation, where I only put -y it actually should be ! -y

Rule  Direction  Source  Dest  Proto  Destport  ACK  Action
===========================================================
A     in         Ext     Int   tcp    25        ANY  Permit
B     out        Int     Ext   tcp    >1023     yes  Permit
C     out        Int     Ext   tcp    25        Any  Permit
D     in         Ext     Int   tcp    >1023     yes  Permit
E     Either     any     any   any    any       any  Deny

Thanks for the input
--
Togan Muftuoglu
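To make the point of the exchange concrete, here is a small stateless filter model that walks the book's rule table (with the ACK column from the follow-up) over constructed sample packets. It is an added example, not code from the thread, the book or ipchains; the internal subnet 192.0.2.0/24 and the sample addresses are placeholders, and the flag column maps "yes" to ipchains "! -y" (packet is not a bare SYN) and the first draft's rule D to "-y" (bare SYN only). Running both rule sets side by side shows why the draft's rule D both breaks outbound SMTP replies and admits new inbound connections to high ports.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed internal subnet; the thread leaves Int/Ext symbolic, so this is a constructed placeholder.
INTERNAL = ip_network("192.0.2.0/24")


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving from outside) or "out" (leaving the internal net)
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool
    ack: bool


def _is_internal(addr: str) -> bool:
    return ip_address(addr) in INTERNAL


def _side_matches(side: str, addr: str) -> bool:
    if side == "any":
        return True
    return _is_internal(addr) if side == "Int" else not _is_internal(addr)


def _port_matches(spec, port: int) -> bool:
    if spec == "any":
        return True
    if spec == ">1023":
        return port > 1023
    return port == spec


def _flags_match(flag_spec: str, pkt: Packet) -> bool:
    # "any": no flag criterion (rules A, C, E)
    # "ack": the book's ACK column "yes", i.e. ipchains "! -y": packet is not a bare SYN
    # "syn": ipchains "-y": SYN set and ACK clear, i.e. only connection-opening packets
    if flag_spec == "any":
        return True
    is_bare_syn = pkt.syn and not pkt.ack
    return (not is_bare_syn) if flag_spec == "ack" else is_bare_syn


BOOK_RULES = [
    # name, direction, src, dst, proto, dport, flags, action
    ("A", "in",     "Ext", "Int", "tcp", 25,      "any", "Permit"),
    ("B", "out",    "Int", "Ext", "tcp", ">1023", "ack", "Permit"),
    ("C", "out",    "Int", "Ext", "tcp", 25,      "any", "Permit"),
    ("D", "in",     "Ext", "Int", "tcp", ">1023", "ack", "Permit"),
    ("E", "either", "any", "any", "any", "any",   "any", "Deny"),
]

# The first draft in the thread wrote rule D with "-y" (bare SYN) instead of "! -y".
DRAFT_RULES = [r if r[0] != "D" else ("D", "in", "Ext", "Int", "tcp", ">1023", "syn", "Permit")
               for r in BOOK_RULES]


def filter_packet(pkt: Packet, rules=BOOK_RULES):
    """Return (rule name, action) of the first matching rule; ('policy', 'Deny') if none matches."""
    for name, direction, src, dst, proto, dport, flags, action in rules:
        if direction != "either" and direction != pkt.direction:
            continue
        if not (_side_matches(src, pkt.src) and _side_matches(dst, pkt.dst)):
            continue
        if proto != "any" and proto != pkt.proto:
            continue
        if not _port_matches(dport, pkt.dport):
            continue
        if not _flags_match(flags, pkt):
            continue
        return name, action
    return "policy", "Deny"


# Constructed sample traffic (addresses are documentation ranges, not real hosts).
SAMPLES = {
    # external MTA opens a connection to our SMTP server
    "inbound_smtp_syn": Packet("in", "198.51.100.7", "192.0.2.25", "tcp", 40000, 25, syn=True, ack=False),
    # our server's SYN/ACK back to it
    "outbound_smtp_reply": Packet("out", "192.0.2.25", "198.51.100.7", "tcp", 25, 40000, syn=True, ack=True),
    # our server opens a connection to an external MTA
    "outbound_smtp_syn": Packet("out", "192.0.2.25", "198.51.100.7", "tcp", 45000, 25, syn=True, ack=False),
    # the external MTA's SYN/ACK back to our high port
    "inbound_smtp_reply": Packet("in", "198.51.100.7", "192.0.2.25", "tcp", 25, 45000, syn=True, ack=True),
    # a bare SYN from external port 25 to an internal high port: a new inbound connection, not a reply
    "inbound_bare_syn_to_high_port": Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 25, 45000, syn=True, ack=False),
}


def evaluate(rules=BOOK_RULES):
    """Map each sample name to the (rule, action) the given rule set produces."""
    return {name: filter_packet(pkt, rules) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, rules in (("book (! -y)", BOOK_RULES), ("draft (-y)", DRAFT_RULES)):
        print(label)
        for name, (rule, action) in evaluate(rules).items():
            print(f"  {name:32s} -> rule {rule}: {action}")
```

With the book's rule set, the two legitimate replies hit B and D and the bare SYN to an internal high port falls through to E. With the draft's "-y" on rule D, the inbound SMTP reply is denied (breaking every outbound mail connection) while the bare SYN is permitted, which is exactly the objection raised to the fourth rule.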