Hi,

I am trying to tighten up my ipchains firewall on my ADSL router/firewall box, but it looks like I am a little bit lost. I have read previous mails going back to May 2000 and I am still lost. (Maybe too much info is not good.) Below is what I have done. Is there anything I should be careful with?

# Kernel settings
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]
then
    for f in /proc/sys/net/ipv4/conf/*/rp_filter
    do
        echo 1 > "$f"
    done
fi

if [ -e /proc/sys/net/ipv4/tcp_syncookies ]
then
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies
fi

# echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

for file in /proc/sys/net/ipv4/conf/*/accept_redirects; do
    echo "0" > "$file"
done

for file in /proc/sys/net/ipv4/conf/*/log_martians; do
    echo "1" > "$file"
done

# Input rules on the outer interface, all logged (-l)
$IPCHAINS -A input -j REJECT -i $OUTERIF -p icmp -s $REMOTENET -d $OUTERIP --icmp-type echo-reply -l
$IPCHAINS -A input -j REJECT -i $OUTERIF -p tcp -s $OUTERNET -d $OUTERIP 33434 -l
$IPCHAINS -A input -j REJECT -i $OUTERIF -p udp -s $OUTERNET -d $OUTERIP 33434 -l
$IPCHAINS -A input -j REJECT -i $OUTERIF -p icmp -s $REMOTENET -d $OUTERIP --icmp-type destination-unreachable -l
$IPCHAINS -A input -j REJECT -i $OUTERIF -p icmp -s $REMOTENET -d $OUTERIP --icmp-type destination-unreachable -l
$IPCHAINS -A input -j REJECT -i $OUTERIF -p icmp -s $REMOTENET -d $OUTERIP --icmp-type redirect -l
$IPCHAINS -A input -j REJECT -i $OUTERIF -p icmp -s $REMOTENET -d $OUTERIP --icmp-type echo-request -l
$IPCHAINS -A input -j REJECT -i $OUTERIF -p icmp -s $REMOTENET -d $OUTERIP --icmp-type time-exceeded -l
$IPCHAINS -A input -j REJECT -i $OUTERIF -p icmp -s $REMOTENET -d $OUTERIP --icmp-type parameter-problem -l
$IPCHAINS -A input -j REJECT -i $OUTERIF -p icmp -s $REMOTENET -d $OUTERIP --icmp-type timestamp-request -l
$IPCHAINS -A input -j REJECT -i $OUTERIF -p icmp -s $REMOTENET -d $OUTERIP --icmp-type timestamp-reply -l
$IPCHAINS -A input -j REJECT -i $OUTERIF -p icmp -s $REMOTENET -d $OUTERIP --icmp-type address-mask-request -l
$IPCHAINS -A input -j REJECT -i $OUTERIF -p icmp -s $REMOTENET -d $OUTERIP --icmp-type address-mask-reply -l

-- 
Togan Muftuoglu
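
One way to confirm that the /proc settings written by the script above actually took effect, as an added example that is not part of the original post. The function name `audit_proc` and its optional root-directory argument are assumptions of this example; with no argument it reads the live /proc.

```shell
#!/bin/sh
# Added example: audit the /proc values that the posted script sets.
# The optional first argument (a root directory) is an assumption of this
# example so the check can also run against a constructed tree.

audit_proc() {
    root="${1:-/proc}"
    base="$root/sys/net/ipv4"
    failures=0

    # check FILE EXPECTED: report a missing file or an unexpected value.
    check() {
        if [ ! -r "$1" ]; then
            echo "MISSING $1"
            failures=$((failures + 1))
        elif [ "$(cat "$1")" != "$2" ]; then
            echo "BAD     $1 = $(cat "$1") (want $2)"
            failures=$((failures + 1))
        fi
    }

    # Global settings. The posted script skips tcp_syncookies silently
    # when the file is absent; here that is reported as MISSING.
    check "$base/tcp_syncookies" 1
    check "$base/icmp_echo_ignore_broadcasts" 1
    check "$base/icmp_ignore_bogus_error_responses" 1

    # Per-interface settings: every directory under conf/ must agree,
    # including "all" and "default".
    for dir in "$base"/conf/*/; do
        [ -d "$dir" ] || continue
        check "${dir}rp_filter" 1
        check "${dir}accept_redirects" 0
        check "${dir}log_martians" 1
    done

    echo "$failures setting(s) differ from the script"
    [ "$failures" -eq 0 ]
}
```

Calling `audit_proc` after the firewall script has run, and again after the ADSL link comes up, shows whether an interface created later carries the same values.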