Mailinglist Archive: opensuse-security (636 mails)

Re: [suse-security] What are these?
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Tue, 13 Feb 2001 11:50:34 +0100
  • Message-id: <20010213115034.E3084@xxxxxxxxx>
* Kevin Creason wrote on Mon, Feb 12, 2001 at 17:22 -0600:
>
> I even ran ipchains with these arguments:
> /sbin/ipchains -A input -p TCP -d 0.0.0.0./0 0:65535 -i ppp0 -l -j DENY
> /sbin/ipchains -A input -p UDP -d 0.0.0.0./0 0:65535 -i ppp0 -l -j DENY
> /sbin/ipchains -A input -p ICMP -d 0.0.0.0./0 0:65535 -i ppp0 -l -j DENY

That still allows a lot (all other IP protocols). Ports make no
sense for ICMP. To drop anything you could use:

/sbin/ipchains -A input -i ppp0 -l -j DENY

But at least for ident/auth I would suggest using REJECT to
avoid long timeouts. You shouldn't block all ICMP types (at least
some type 3 - dest unreach - should be allowed, at least if not
fragmented).

> but apparently these scans are accepted before the new lines. I
> figured that those lines would break something for sure.

If you're really paranoid you could use:
/sbin/ipchains -A input $ALLOWED_OPTIONS -i ppp0 -l -j ACCEPT
to log allowed packets too, but you will get a lot of logs.

> What is the syntax to redirect a port-- like 80 to squid's incoming port?

use rinetd or:
from man ipmasqadm:

ipchains -I input -p tcp -y -d yours.com/32 80 -m 1
ipmasqadm mfw -I -m 1 -r hostA 80

(untested)

oki,

Steffen

--
This letter was generated by machine,
it therefore bears neither signature nor seal.
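
Added example, not part of the message above: a small Python model of first-match evaluation on an ipchains input chain. It shows why the three per-protocol rules still pass other IP protocols, and why a rule appended with -A never sees packets that an earlier rule already accepted. The ACCEPT chain policy, the earlier ACCEPT rule and the sample packets are assumptions constructed for the illustration.

```python
# Toy model of an ipchains "input" chain (illustration only, not ipchains itself).
# A rule is (protocol or None, interface or None, target); None matches anything.

def verdict(chain, pkt, policy="ACCEPT"):
    """Return the target of the first rule that matches pkt, else the chain policy.

    policy="ACCEPT" is an assumption about the chain's default policy.
    """
    for proto, iface, target in chain:
        if proto is not None and proto != pkt["proto"]:
            continue
        if iface is not None and iface != pkt["iface"]:
            continue
        return target  # first match decides, later rules are never consulted
    return policy

# The three per-protocol rules quoted in the thread (-p TCP / UDP / ICMP ... -j DENY).
PER_PROTOCOL = [
    ("tcp", "ppp0", "DENY"),
    ("udp", "ppp0", "DENY"),
    ("icmp", "ppp0", "DENY"),
]

# The single protocol-independent rule from the reply (-i ppp0 -l -j DENY).
CATCH_ALL = [(None, "ppp0", "DENY")]

# Constructed: a hypothetical rule already in the chain that accepts TCP on ppp0.
EARLIER_ACCEPT = [("tcp", "ppp0", "ACCEPT")]

# Constructed sample packets, one per IP protocol, all arriving on ppp0.
PACKETS = [{"proto": p, "iface": "ppp0"} for p in ("tcp", "udp", "icmp", "gre", "igmp")]

def leaks(chain):
    """Protocols from PACKETS that the chain does not DENY."""
    return [pkt["proto"] for pkt in PACKETS if verdict(chain, pkt) != "DENY"]

if __name__ == "__main__":
    print("per-protocol rules leak:", leaks(PER_PROTOCOL))
    print("catch-all rule leaks:   ", leaks(CATCH_ALL))
    # -A appends: the new DENY lands after the existing ACCEPT.
    print("appended after ACCEPT:  ", leaks(EARLIER_ACCEPT + CATCH_ALL))
    # -I inserts at the head of the chain: the DENY is evaluated first.
    print("inserted before ACCEPT: ", leaks(CATCH_ALL + EARLIER_ACCEPT))
```
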
