How do I configure firewall.rc.config in Linux SuSE 7.0, and how do I set up ipchains? I have two ethernet adapters with public IPs.
RTFM,
sorry, ;)
Nagi.
PS: If you don't know RTFM see RTFSE. *eg*
Quoting "Maximiliano A. Benitez"
How do I configure firewall.rc.config in Linux SuSE 7.0, and how do I set up ipchains? I have two ethernet adapters with public IPs.
--
Nagilum
http://home.htwm.de/akuehn/ | icq://69646724
nagilum@chillout.org | +01776461165
Amiga (68k/PPC): AOS/NetBSD/Linux | Mac (PPC): MacOS9 / Linux / MacOS-X
x86: Linux/FreeBSD/OpenBSD/QNX/Win98SE
Maximiliano,

This is a good example of an ipchains firewall (thanks to Kurt Seifried, who shares it on www.securityportal.com). Study it, learn from it.

HTH
Philipp

#!/bin/bash
#
# This script sets up firewall rules appropriate for a server with 2 interfaces
# running as a gateway.
# This script needs to be edited if you plan to use it.
# We assume the internal machines can all talk to the gateway, so no rules block
# internal traffic.
#
# A couple of variables
#
# ETH0IP is the IP address on ETH0 (the external interface)
# ETH0NET is the network
# ETH0NETMASK is the network mask
# TRUSTEDHOST1 is a trusted host (for webmin/ssh)
# TRUSTEDHOST2 is a trusted host (for webmin/ssh)
# ETH1IP is the IP address on ETH1 (internal interface)
# ETH1NET is the network
# ETH1NETMASK is the network mask
#
ETH0IP=1.1.1.1
ETH0NET=1.1.1.0
ETH0NETMASK=24
TRUSTEDHOST1=1.5.1.1
TRUSTEDHOST2=1.5.1.2
ETH1IP=10.0.0.1
ETH1NET=10.0.0.0
ETH1NETMASK=24
#
PATH=/sbin

# FLUSH ALL RULES
ipchains -F input
ipchains -F output
ipchains -F forward

# ANTI-SPOOFING
# RFC 1918 private ranges, loopback and our own address must never arrive on eth0
ipchains -A input -p all -j DENY -s 10.0.0.0/8 -i eth0 -d 0.0.0.0/0
ipchains -A input -p all -j DENY -s 127.0.0.0/8 -i eth0 -d 0.0.0.0/0
ipchains -A input -p all -j DENY -s 192.168.0.0/16 -i eth0 -d 0.0.0.0/0
ipchains -A input -p all -j DENY -s 172.16.0.0/12 -i eth0 -d 0.0.0.0/0
ipchains -A input -p all -j DENY -s $ETH0IP -i eth0 -d 0.0.0.0/0

# ICMP FIRST
ipchains -A input -p icmp -j ACCEPT -s $ETH0NET/$ETH0NETMASK -i eth0 -d 0.0.0.0/0
ipchains -A input -p icmp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0

# SSH (trusted hosts only; these must come before the 1:1023 block)
ipchains -A input -p tcp -j ACCEPT -s $TRUSTEDHOST1 -i eth0 -d 0.0.0.0/0 22
ipchains -A input -p tcp -j ACCEPT -s $TRUSTEDHOST2 -i eth0 -d 0.0.0.0/0 22

# BLOCKING 1:1023
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 1:1023
ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 1:1023

# BLOCKING OTHER THINGS
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 1109
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 1524
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 1600
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 2003
ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 2049
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 2105
ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 3001
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 3001
ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 3128:3130
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 3128:3130
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 3306
ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 3306
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 4444
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 6000:6100
ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 6000:6100
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 6667
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 7000

# WEBMIN (trusted hosts only)
ipchains -A input -p tcp -j ACCEPT -s $TRUSTEDHOST1 -i eth0 -d 0.0.0.0/0 10000
ipchains -A input -p tcp -j ACCEPT -s $TRUSTEDHOST2 -i eth0 -d 0.0.0.0/0 10000
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 10000

# FORWARD RULES: masquerade the internal network out through eth0
ipchains -P forward DENY
ipchains -A forward -p all -j MASQ -s $ETH1NET/$ETH1NETMASK -d 0.0.0.0/0

-----Original Message-----
From: Maximiliano A. Benitez [mailto:dnbu5497@satlink.com]
Sent: Thursday, 19 April 2001 18:00
To: suse-security@suse.com
Subject: [suse-security] Firewall

How do I configure firewall.rc.config in Linux SuSE 7.0, and how do I set up ipchains? I have two ethernet adapters with public IPs.
This is a good example of an ipchains firewall (thanks to Kurt Seifried who shares it on www.securityportal.com)

I am not so sure about that: the following ports are in the ip_local_port_range. If you just deny them, some (random) client connections won't work. Use -y to forbid server connections only.

ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 1109
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 1524
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 1600
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 2003
ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 2049
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 2105
ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 3001
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 3001
ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 3128:3130
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 3128:3130
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 3306
ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 3306
ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 4444

The policies should be set at the very beginning of the script, to prevent attacks while the script is running (highly paranoid, I know ;-). Anyway, the default policy should be DENY for all chains (input/output). This is more complicated, but the "right way".

ipchains -P forward DENY
ipchains -A forward -p all -j MASQ -s $ETH1NET/$ETH1NETMASK -d 0.0.0.0/0

You could have omitted -d 0.0.0.0/0 because this is the default (same with -s 0.0.0.0/0 above).

I don't think Kurt would write his name below this ;-)

bye!
Markus
--
Markus Gaugusch, ICQ 11374583, markus@gaugusch.dhs.org
ASCII Ribbon Campaign Against HTML Mail
This is more complicated, but the "right way"

ipchains -P forward DENY
ipchains -A forward -p all -j MASQ -s $ETH1NET/$ETH1NETMASK -d 0.0.0.0/0

You could have omitted -d 0.0.0.0/0 because this is the default (same with -s 0.0.0.0/0 above)

I don't think Kurt would write his name below this ;-)

Maybe he wouldn't. But it can be found on: http://securityportal.com/lasg/firewall/index.html

Philipp

PS: given the fact it's for learning ipchains, it's good enough.
I don't think Kurt would write his name below this ;-)

Maybe he wouldn't. But it can be found on:
Hah. that stuff is sooo old. In any event it's being rewritten. Expect some nice shiny new stuff later this year (you didn't think I'd get it done soon did you? ;)
Philipp
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
My Linux box (SuSE 7.1, X, harden_suse) did strange things this morning and I wonder if there are some likely explanations or if this could be an attack:

- while opening a large mail (about 245 K) with the Netscape Mail Client, Netscape stopped responding to user input (window was not repainted as well)
- I tried switching to an open X-Term, but was not able to move the focus to that window
- Switched to another console, logged in and tried killing the netscape process -> console ceased accepting input
- Logged in remotely via ssh, which at first worked, but behaved weirdly (keystrokes were not displayed until the next key pressed) - then ssh ceased accepting input as well
- switched the box off (Painful) and rebooted and everything worked
- checked the log files (also firewall logs - I am behind a corporate FW), but could not find anything

While this might not be a security related problem I'd appreciate any hints/tips/advice from the experts here.

Thank you,
.ps
alter ego wrote:
My Linux box (SuSE 7.1, X, harden_suse) did strange things this morning and I wonder if there are some likely explanations or if this could be an attack:
- while opening a large mail (about 245 K) with the Netscape Mail Client, Netscape stopped responding to user input (window was not repainted as well)
- I tried switching to an open X-Term, but was not able to move the focus to that window
- Switched to another console, logged in and tried killing the netscape process -> console ceased accepting input
- Logged in remotely via ssh, which at first worked, but behaved weirdly (keystrokes were not displayed until the next key pressed) - then ssh ceased accepting input as well
- switched the box off (Painful) and rebooted and everything worked
- checked the log files (also firewall logs - I am behind a corporate FW), but could not find anything
While this might not be a security related problem I'd appreciate any hints/tips/advice from the experts here.
Did you test opening the mail again after the reboot? Maybe it's some mad code in it? Netscape also has many memleaks .. maybe you've just read the mail on the wrong day for Netscape ;) I would check the mail for some mad code. Did you see the load of the machine?

--
Mit freundlichen Gruessen / best regards,
Sven Michels
Network Operating Center / Infrastructure
-----------------------------------------
intraDAT AG
Wilhelm Leuschner Strasse 7 u. 9-11
60329 Frankfurt / Germany
Tel: +49 69 256 29 - 0
Fax: +49 69 256 29 - 256
http://www.intradat.com
-----------------------------------------
While this might not be a security related problem I'd appreciate any hints/tips/advice from the experts here.
Did you test opening the mail again after the reboot? Maybe it's some mad code in it? Netscape also has many memleaks .. maybe you've just read the mail on the wrong day for Netscape ;) I would check the mail for some mad code. Did you see the load of the machine?
I tried opening the mail (cautiously) and it worked fine ... hmmm. It's a php-general-list-digest, so it does contain code snippets. I was not able to see the machine load. I tried top, but the command did not produce any output. This was about the same time, my ssh died. Thanks, .ps
While this might not be a security related problem I'd appreciate any hints/tips/advice from the experts here.

I was not able to see the machine load. I tried top, but the command did not produce any output. This was about the same time, my ssh died.

I had this problem with a defective hard disk. The system time stood still(!). It could also be defective RAM or a defective mainboard/CPU. Try memtest86, badblocks and other stress-testing tools (rc5 client from www.distributed.net).

hth
Markus
--
Markus Gaugusch, ICQ 11374583, markus@gaugusch.dhs.org
ASCII Ribbon Campaign Against HTML Mail
David Henderson wrote:
reiser_fs on /, ext2 on /boot
Your problem might be related to the ReiserFS. Look at http://www.aota.net/ubb/Forum4/HTML/000471-2.html where a similar problem is discussed by ccTech (the system administrator of FutureQuest, an American hosting company).

Erich
---
Erich Schreiber
MultiMediaForge
erich.schreiber@multimediaforge.at
Erich Schreiber wrote:
David Henderson wrote:
reiser_fs on /, ext2 on /boot
Your problem might be related to the ReiserFS. Look at http://www.aota.net/ubb/Forum4/HTML/000471-2.html where a similar problem is discussed by ccTech (the system administrator of FutureQuest, an American hosting company).

uhm! I remember .. some time ago I heard about problems with larger files on reiser .. the system hangs for a couple of minutes .. because of balancing the directory tree or something like that .. maybe this is a reason?

--
Mit freundlichen Gruessen / best regards,
Sven Michels
Network Operating Center / Infrastructure, intraDAT AG
Hi, I had this problem, too, and as I have xsysinfo running, I could figure out that my freezing was due to a completely used up memory (RAM and swap were full). This was caused by Netscape 4.x. It is easy to reproduce this mem filling by opening the history with Alt+H once. After this, every new page you load in Netscape will remain in memory forever, and the memory will start to fill quickly. My system froze on a 2.2.14 kernel. I don't know if this problem of freezing when memory is completely used up was fixed later on (I've so much memory now that it never fills ;-)), but you might want to let xsysinfo run and keep an eye on the memory bar when using netscape. Best regards, Frank -- Dipl.-Inform. Frank Steiner mailto:fst@informatik.uni-kiel.de Lehrstuhl f. Programmiersprachen mailto:fsteiner@web.de CAU Kiel, Olshausenstraße 40 Phone: +49 431 880-7265, Fax: -7613 D-24098 Kiel, Germany http://www.informatik.uni-kiel.de/~fst/
* Philipp Snizek wrote on Thu, Apr 19, 2001 at 21:45 +0200:
Maximiliano, ipchains -A input -p tcp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 1:1023 ipchains -A input -p udp -j DENY -s 0.0.0.0/0 -i eth0 -d 0.0.0.0/0 1:1023
It may save a lot of time to REJECT port 113, auth, I think (otherwise ident lookups will block until timed out).

oki,
Steffen
--
This message was generated by machine and therefore bears neither signature nor seal.
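The script below is an added example, not the script Philipp posted and not Kurt Seifried's code. It rewrites the two-interface gateway rule set so that it reflects the three points raised in this thread: Markus's objection that the default policies belong at the very top and that the high-port DENYs need -y so they only stop incoming SYNs, and Steffen's suggestion to REJECT tcp/113 so ident lookups fail at once. It also uses the RFC 1918 range 172.16.0.0/12 for the anti-spoofing rule. Because the input policy is now DENY, the script has to say explicitly what may still come in on eth0: non-SYN TCP (replies to connections the gateway or masqueraded LAN hosts opened; ipchains has no connection tracking, so this is as close as it gets) and UDP answers to the resolver and to the masquerade port range. Addresses are placeholders as in the original; DNSSERVER, the masquerade range 61000:65095 (the kernel 2.2 default) and the dry-run wrapper are assumptions of this example. By default the script only prints the ipchains commands; set IPCHAINS=/sbin/ipchains to load them.

```shell
#!/bin/sh
# Revised ipchains gateway rule set (added example, not the original script).
#   1. default policies set to DENY before anything else, so nothing is
#      accepted while the rule set is still half-loaded (Markus)
#   2. high-port DENYs use -y: only incoming SYNs, i.e. new server
#      connections, are dropped; replies to our own clients survive (Markus)
#   3. tcp/113 (auth/ident) is REJECTed, not DENYed, so remote ident
#      lookups fail immediately instead of hanging until timeout (Steffen)
# Placeholder addresses as in the original script.
ETH0IP=1.1.1.1;   ETH0NET=1.1.1.0;   ETH0NETMASK=24
ETH1NET=10.0.0.0; ETH1NETMASK=24
TRUSTEDHOST1=1.5.1.1; TRUSTEDHOST2=1.5.1.2
DNSSERVER=1.1.1.2          # assumed: the resolver this gateway uses
MASQPORTS=61000:65095      # assumed: kernel 2.2 default masquerade port range

# Dry run by default: rules are printed, not loaded.
# Run with IPCHAINS=/sbin/ipchains to apply them for real.
IPCHAINS=${IPCHAINS:-"echo ipchains"}
ipc() { $IPCHAINS "$@"; }

gen_rules() {
    # 1. fail closed first, then flush whatever was loaded before
    ipc -P input DENY
    ipc -P forward DENY
    ipc -P output ACCEPT
    ipc -F input; ipc -F forward; ipc -F output

    # loopback and the trusted internal LAN are unrestricted
    ipc -A input -i lo -j ACCEPT
    ipc -A input -i eth1 -s "$ETH1NET/$ETH1NETMASK" -j ACCEPT

    # anti-spoofing: RFC 1918, loopback and our own address never arrive on eth0
    for net in 10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16 "$ETH0IP"; do
        ipc -A input -i eth0 -s "$net" -j DENY
    done

    # 3. ident: answer with an ICMP unreachable instead of silence
    ipc -A input -i eth0 -p tcp -d 0.0.0.0/0 113 -j REJECT

    # ICMP only from the local external net
    ipc -A input -i eth0 -p icmp -s "$ETH0NET/$ETH0NETMASK" -j ACCEPT

    # services we actually offer: ssh and webmin, from the trusted hosts only
    for host in "$TRUSTEDHOST1" "$TRUSTEDHOST2"; do
        ipc -A input -i eth0 -p tcp -s "$host" -d 0.0.0.0/0 22 -j ACCEPT
        ipc -A input -i eth0 -p tcp -s "$host" -d 0.0.0.0/0 10000 -j ACCEPT
    done

    # 2. the high ports from the original list: drop and log new connections
    #    only (-y). The DENY policy would catch them anyway; the explicit
    #    rules are kept so probes to these ports show up in the log (-l).
    for p in 1109 1524 1600 2003 2105 3001 3128:3130 3306 4444 6000:6100 6667 7000; do
        ipc -A input -i eth0 -p tcp -y -d 0.0.0.0/0 "$p" -l -j DENY
    done
    for p in 2049 3001 3128:3130 3306 6000:6100; do
        ipc -A input -i eth0 -p udp -d 0.0.0.0/0 "$p" -l -j DENY
    done

    # what the DENY policy must still let in on eth0:
    #  - non-SYN TCP: replies to connections we or masqueraded LAN hosts opened
    #  - UDP answers from our resolver and to the masquerade port range
    ipc -A input -i eth0 -p tcp ! -y -j ACCEPT
    ipc -A input -i eth0 -p udp -s "$DNSSERVER" 53 -j ACCEPT
    ipc -A input -i eth0 -p udp -d 0.0.0.0/0 "$MASQPORTS" -j ACCEPT

    # masquerade the LAN out through eth0
    ipc -A forward -s "$ETH1NET/$ETH1NETMASK" -j MASQ
}

gen_rules
```

Run it once without IPCHAINS set and read the printed rule list top to bottom: the policy lines come first, the trusted-host ACCEPTs precede the catch-all "! -y" reply rule, and every DENY for the 1109-7000 ports carries -y. Only then load it with IPCHAINS=/sbin/ipchains, ideally from a console rather than over ssh, since the input policy flips to DENY before the ssh ACCEPT is added.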
participants (10):
- alter ego
- Erich Schreiber
- Frank Steiner
- Kurt Seifried
- Markus Gaugusch
- Maximiliano A. Benitez
- nagilum@chillout.org
- Philipp Snizek
- Steffen Dettmer
- Sven Michels