Re: [SLUG] packet filtering using ipchains

From: VT (vt1@gte.net)
Date: Fri Jul 27 2001 - 00:13:37 EDT


At 08:25 PM 7/24/01 -0400, you wrote:
>Hi all,
>
>I am trying to secure my Linux box by setting up some essential but
>powerful packet filtering rules using ipchains. I chose ipchains over
>iptables simply because it seems that RedHat 7.1 likes using ipchains by
>default (as it loads the settings for ipchains during boot by default).
>Plus, they are very similar in nature.
>
>Here is what I would like to do:
>
>Deny everything at first.
>Allow programs that I need to use access to the internet.
>Allow services to contact the internet that are required by the system.
>
>In other words:
>
>My system will appear to not even exist when doing basic probing.
>I will be able to browse web (without common ads), talk on irc/aol im/icq,
>play against others online with quake 3 arena, read e-mail/news, and
>connect to my remote ftp server.
>ICMP services like destination unreachable, source quench, time exceeded,
>and parameter problem will be allowed, but ping and pong services will
>just be denied.
>
>Here is my current network setup:
>
>RedHat 7.1 box filtered using ipchains <-> Road Runner <-> Internet
>
>Note that I have only two interfaces in my box: eth0 and lo. Thus, I have
>no need for forwarding, proxying, masquerading, etc. All I want is a good
>filtering system. I tried to look up information on this topic, but
>(annoyingly) everyone assumes I have some sort of LAN setup and I have a
>separate box set up as a firewall and nothing else, or that I have a dialup
>and that I also have an internal network. No one seems to cover how to set up
>a single user machine to protect themselves on the internet. If anyone
>could please help, I would appreciate it.
>
>Thanks,
>Travis
>
>BTW, where did the irc channel go? I left for a little while, then came
>back, looked and found it had disappeared...

If I may suggest, http://www.bastille-linux.org/. It comes with Mandrake
Linux 8.0 and also runs with RedHat.

It is actually a collection of Perl scripts that set up iptables and other
security settings.

VT
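
Added example, not part of either message above: a stateless ipchains input filter for the single-host setup described in the question (eth0 and lo, no forwarding), covering TCP clients, DNS, Quake 3 and the four ICMP error types. The names IPCHAINS, EXT_IF, Q3_PORT and single_host_rules are introduced here; leaving the output chain at ACCEPT and using the Quake 3 default port 27960 are assumptions.

```shell
#!/bin/sh
# Added example, constructed for illustration.
# Dry run by default: the commands are printed, not executed.
# Set IPCHAINS=/sbin/ipchains (as root) to apply them.
IPCHAINS="${IPCHAINS:-echo ipchains}"
EXT_IF="${EXT_IF:-eth0}"      # assumption: Internet-facing interface
Q3_PORT="${Q3_PORT:-27960}"   # assumption: servers on the Quake 3 default port

single_host_rules() {
    # Start clean. DENY drops silently; REJECT would answer probes.
    $IPCHAINS -F input
    $IPCHAINS -P input DENY
    $IPCHAINS -P forward DENY
    # Assumption: outbound traffic is not restricted in this example.
    $IPCHAINS -P output ACCEPT

    # Local traffic on the loopback interface.
    $IPCHAINS -A input -i lo -j ACCEPT

    # TCP: accept everything except connection-opening SYN packets, so
    # replies to our own connections (web, IRC, mail, news, passive FTP)
    # get in but nobody can open a connection to this host.
    $IPCHAINS -A input -i "$EXT_IF" -p tcp ! -y -j ACCEPT

    # UDP has no SYN flag and ipchains keeps no state, so replies can only
    # be matched by source port. Anyone can send from port 53; tighten
    # -s 0/0 to the resolver addresses where they are known.
    $IPCHAINS -A input -i "$EXT_IF" -p udp -s 0/0 53 -d 0/0 1024:65535 -j ACCEPT
    $IPCHAINS -A input -i "$EXT_IF" -p udp -s 0/0 "$Q3_PORT" -d 0/0 1024:65535 -j ACCEPT

    # ICMP: only the four error types are accepted. Ping and pong
    # (echo-request, echo-reply) fall through to the DENY policy.
    for t in destination-unreachable source-quench time-exceeded parameter-problem; do
        $IPCHAINS -A input -i "$EXT_IF" -p icmp --icmp-type "$t" -j ACCEPT
    done
}

single_host_rules
```

Because the first command flushes the input chain, run it from the console when applying it for real, and review the printed dry-run output first.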


