Mailinglist Archive: opensuse-security (636 mails)

Re: [suse-security] What are these?
  • From: Boris Lorenz <bolo@xxxxxxx>
  • Date: Tue, 13 Feb 2001 11:20:20 +0100 (MET)
  • Message-id: <XFMail.010213112020.bolo@xxxxxxx>
Hi Kevin,

On 12-Feb-01 Kevin Creason wrote:
> I AM using SuSEfirewall 4.2 on SuSE 6.4
> I ran the install... and configured it using YaST. Is there a better way?
> While we're on the subject, YaST appears to have some problems displaying
> text and descriptions.
>
> I even ran ipchains with these arguments:
> /sbin/ipchains -A input -p TCP -d 0.0.0.0./0 0:65535 -i ppp0 -l -j DENY
> /sbin/ipchains -A input -p UDP -d 0.0.0.0./0 0:65535 -i ppp0 -l -j DENY
> /sbin/ipchains -A input -p ICMP -d 0.0.0.0./0 0:65535 -i ppp0 -l -j DENY
> but apparently these scans are accepted before the new lines. I figured that
> those lines would break something for sure.

After booting, do an ipchains -n -L and list all your rules. You may see some
input/forward/output chains. If you want to experiment with an empty ipchains
ruleset, do ipchains -F, which flushes (deletes) all rules. Then, to achieve a
total block, you could do

ipchains -P input DENY
ipchains -P forward DENY
ipchains -P output DENY

Likewise, if you want to open up everything, replace DENY with ACCEPT.

Also make sure your firewall scripts (SuSE or other) are properly set up. It's
best to deny everything and then only let through what is needed (www, ftp,
telnet, ssh, etc.).

> What is the syntax to redirect a port-- like 80 to squid's incoming port?

Try this for transparent proxying:

ipchains -A input -p tcp -d 127.0.0.1/32 www -j ACCEPT
ipchains -A input -p tcp -d your.ip.sub.net/24 www -j ACCEPT
ipchains -A input -p tcp -d 0/0 www -j REDIRECT 3128

These lines redirect local and network traffic destined to www (80) to squid's
port. Don't forget to include transparent proxying in your kernel.

[...]

---
Boris Lorenz <bolo@xxxxxxx>
System Security Admin *nix - *nux
---
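
Added example (not part of the message above, and not SuSE or ipchains code): a toy Python model of first-match chain evaluation, showing why DENY rules appended with -A behind an earlier ACCEPT never fire, and how the three transparent-proxy rules are evaluated in order. The names Rule, Chain, deny_all_tcp and proxy_chain, the 192.168.1.0/24 network and the DENY policy in proxy_chain are assumptions; interfaces, source addresses and logging are not modelled.

```python
# Added example: toy model of first-match evaluation in an ipchains-style chain.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    proto: str                      # "tcp", "udp" or "icmp"
    dst: str                        # destination network, CIDR form
    target: str                     # "ACCEPT", "DENY" or "REDIRECT"
    dport: Optional[int] = None     # None matches any destination port
    to_port: Optional[int] = None   # local port used by REDIRECT

    def matches(self, proto, dst, dport):
        return (proto == self.proto
                and ip_address(dst) in ip_network(self.dst)
                and self.dport in (None, dport))

class Chain:
    def __init__(self, policy):
        self.policy, self.rules = policy, []

    def append(self, rule):         # -A: the rule goes to the end of the chain
        self.rules.append(rule)

    def insert(self, pos, rule):    # -I with a 1-based rule number
        self.rules.insert(pos - 1, rule)

    def verdict(self, proto, dst, dport):
        for rule in self.rules:     # the first matching rule decides
            if rule.matches(proto, dst, dport):
                return rule.target, rule.to_port
        return self.policy, None    # no rule matched: the chain policy decides

def deny_all_tcp(at_head):
    """Constructed case: an earlier script already accepts all TCP."""
    chain = Chain(policy="ACCEPT")
    chain.append(Rule("tcp", "0.0.0.0/0", "ACCEPT"))
    deny = Rule("tcp", "0.0.0.0/0", "DENY")
    chain.insert(1, deny) if at_head else chain.append(deny)
    return chain

def proxy_chain(lan="192.168.1.0/24"):  # constructed stand-in for your.ip.sub.net/24
    chain = Chain(policy="DENY")        # assumed deny-by-default policy
    chain.append(Rule("tcp", "127.0.0.1/32", "ACCEPT", 80))
    chain.append(Rule("tcp", lan, "ACCEPT", 80))
    chain.append(Rule("tcp", "0.0.0.0/0", "REDIRECT", 80, 3128))
    return chain
```

Calling deny_all_tcp(False).verdict("tcp", "192.0.2.10", 23) returns ACCEPT because the appended DENY sits behind the earlier ACCEPT, while deny_all_tcp(True) returns DENY for the same packet.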
