Re: [SLUG] More Firewall Fun

From: Derek Glidden (dglidden@illusionary.com)
Date: Fri Jul 06 2001 - 10:24:42 EDT


I'm planning to give an ipchains/iptables presentation at the Wed Tampa
SLUG meeting if you want to be there. I'll try to cover all of this
stuff.

Essentially though, the very first rule of firewalling is "Deny by
default." Which means deny EVERYTHING through the firewall UNLESS you
know FOR SURE that it should be allowed.

And that tool I used was called "nmap". You can get it at:

http://www.insecure.org/nmap/

I usually just slap the ipchains script in root's home directory and
make a ln to it from the appropriate rc.d directory.

Russell Hires wrote:
>
> Hey everyone,
>
> I know we just had a major firewall discussion, but I'm just late, I guess...
> ;-)
>
> I remember at the CTS Derrick was chock full of info on the firewall he had
> set up. So, I've been reading the Firewall HOWTO and the Ipchains HOWTO, and
> I've got some questions...
> I guess this is to Derrick, but anyone else feel free to chime in...
>
> First, what were the services you disabled? The HOWTOs say time and discard
> and a few others are internal services. What do they do?
>
> Second, what software did you use to scan the other machine that you pointed
> out that didn't have some of those services disabled?
>
> Third, where do you keep the ipchains script? For me, it seems that Debian
> has got some default rules and thus a default script, but I don't exactly
> know where to find it...well, I guess I don't need to know to edit it,
> because there is a utility called, aptly, "ipchains," so I should just be
> able to type (from the command line) "ipchains -A <chain>", at least
> according to the man page...
>
> Thanks!
>
> Russell

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl -w
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
$t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
print+x"C*",@a}';s/x/pack+/g;eval 

usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \
    | extract_mpeg2 | mpeg2dec -

http://www.eff.org/ http://www.opendvd.org/ http://www.cs.cmu.edu/~dst/DeCSS/Gallery/
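The "deny by default" rule from Derek's reply, worked out as a complete host firewall script. This is an added example, not Derek's own script and not part of the original mail. It is written in iptables syntax (the ipchains equivalent uses the lowercase chain names input/output/forward, DENY instead of DROP, and has no stateful "-m state" matching); the outside interface name eth0 and the allowed ports 22 and 80 are assumptions for illustration. Every chain's policy is set to DROP first, and only the services known to be needed are then opened, so anything not explicitly allowed (including the inetd internal services Russell asks about, if they are left running) is unreachable from outside.

```shell
#!/bin/sh
# Added example (not from the original mail): a deny-by-default host firewall.
# firewall_rules prints the rule set so it can be reviewed (or saved to a
# script in root's home and linked from rc.d); apply_firewall executes it
# and needs root. Assumptions: eth0 is the outside interface and the only
# services this host should answer are ssh (22/tcp) and http (80/tcp).

OUTSIDE_IF="${OUTSIDE_IF:-eth0}"      # assumption: outside interface
ALLOWED_TCP="${ALLOWED_TCP:-22 80}"   # assumption: ports known FOR SURE to be needed

firewall_rules() {
    # Start from a clean slate so stale rules cannot leave a hole open.
    echo "iptables -F"
    echo "iptables -X"
    # First rule of firewalling: deny by default, on every built-in chain.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT DROP"
    # Loopback is needed by local services (X, syslog, mail spooling).
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Drop malformed packets early; let replies to our own connections through.
    echo "iptables -A INPUT -m state --state INVALID -j DROP"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only the services we know for sure should be reachable from outside.
    for port in $ALLOWED_TCP; do
        echo "iptables -A INPUT -i $OUTSIDE_IF -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Let the host itself open outbound connections (DNS, updates, ssh out).
    echo "iptables -A OUTPUT -o $OUTSIDE_IF -m state --state NEW -j ACCEPT"
    # Log (rate-limited) what the default policy is about to drop, so a port
    # scan against this host shows up in syslog instead of vanishing silently.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'FW-DROP: '"
}

# Number of ACCEPT rules that open a port from the outside interface.
open_port_count() {
    firewall_rules | grep -c -- "-i $OUTSIDE_IF -p tcp --dport"
}

apply_firewall() {
    firewall_rules | sh
}

case "$1" in
    apply) apply_firewall ;;   # run as root: sh firewall.sh apply
    *)     firewall_rules ;;   # default: just print the rules for review
esac
```

After applying it, check the result from another machine the same way Derek did, with nmap (for example `nmap -sT -p 1-65535 <host>`): only the ports listed in ALLOWED_TCP should report open; everything else should be filtered, and each probe should appear in syslog with the FW-DROP prefix.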



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:39:43 EDT