LinuxQuestions.org

Big Problem Please Help!!!! Quick (https://www.linuxquestions.org/questions/linux-security-4/big-problem-please-help-quick-221839/)

unixfreak 08-24-2004 09:14 PM

Ok no problem, I already deleted the script that I had put in.

Of course, this iprules script did not work, either it was too aggressive or I don't know.

My question is, I am only using Linux for the Internet, Email, and offline stuff.

Like I said, I did a Common Ports Test and it showed all the Common Ports to be CLOSED instead of Stealth. I want to be able to put in a script which will fulfill my basic needs of computing. I have never created an iptables or iprules before.

I will ask GENTLY, if someone could provide me a script that will not mess up the system next time.

I was very angry and I know I took it out on everyone who was trying to help me. I was ANGRY at Linux, Yes, Linux. I was angry at the fact that why can't they make Linux easier for at least an average user.

That's it. Now back to normal.

And BTW, do CLOSED Ports mean that my Linux will be compromised????? Or, are CLOSED Ports not as bad as OPEN ones?

Tinkster 08-24-2004 09:28 PM

NO one but your sys-admin should be setting up
those rules for you. If that happens to be you, you have
bitten off more than you can chew. Don't be angry
with Linux if you try to run before you even learnt
to crawl in terms of Linux administration. Linux didn't
make you rush things.


As far as "open" and "stealth" goes - it's arguable
which one is better. In terms of "TCP/IP etiquette" the
closed is the "politically correct" way of dealing with
scans. It's done with the reject rule. Stealth you can
achieve by just dropping the packages... that, however,
means that the other machine (which, for all you know,
may be legitimately trying to contact your box) has to
make several attempts of reaching you to see whether
it wasn't just a network fluke. Dropping however is "safer"
as it (to a large extent) hides the presence of the host.

Neither mode makes you vulnerable, closed just lets
potential intruders know that you exist.



Cheers,
Tink

unixfreak 08-24-2004 09:47 PM

Could someone please explain to me what went wrong with this iprules code below? I could not view the webpages. Maybe it was too aggressive, I don't know. Look below:

# optional, for over the top paranoid (and possibly limiting) security
iptables -A OUTPUT -o lo -s 127.0.0.1 -s 127.0.0.1 -j ACCEPT
iptables -A OUPTUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport http -j ACCEPT
iptables -A OUTPUT -p tcp --dport https -j ACCEPT
iptables -A OUTPUT -p tcp --dport ftp -j ACCEPT
iptables -A OUTPUT -p tcp --dport pop3 -j ACCEPT
iptables -A OUTPUT -p tcp --dport smtp -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -P OUTPUT DROP

I just want a code that would allow me to view webpages and email and to make all the ports stealth.

Thanks- I want to know what went wrong. Why I couldn't view webpages. And also, the fact why I could not open GEDIT to undo the problem.
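Added example, not part of any post in this thread: a shell/awk check that reads a rules script such as the one above and reports rules iptables would refuse to load (a chain name that does not exist, an option given twice) and, when the OUTPUT policy is DROP, whether any rule that does load accepts loopback or DNS traffic. The function names `lint_rules` and `sample_script` are hypothetical, and only the filter table's built-in chains are recognised.

```shell
# Added example: static checks on an iptables rules script read from stdin.
# Only the filter table's built-in chains are known to this sketch.
lint_rules() {
  awk '
    BEGIN { known["INPUT"]; known["OUTPUT"]; known["FORWARD"] }
    $1 != "iptables" { next }            # skip comments and other commands
    {
      chain = ""; bad = 0; split("", seen)
      for (i = 2; i <= NF; i++) {
        if ($i == "-N") user[$(i + 1)]                 # user-defined chain
        if ($i == "-P") policy[$(i + 1)] = $(i + 2)    # chain default policy
        if ($i ~ /^-[API]$/) chain = $(i + 1)
        if ($i ~ /^-[sdpio]$/ && seen[$i]++) {         # iptables allows each once
          printf "line %d: option %s repeated, rule is rejected\n", NR, $i; bad = 1
        }
      }
      if (chain != "" && !(chain in known) && !(chain in user)) {
        printf "line %d: unknown chain %s, rule is rejected\n", NR, chain; bad = 1
      }
      # Only rules that load, sit on OUTPUT and ACCEPT count from here on.
      if (bad || chain != "OUTPUT" || $0 !~ /-j ACCEPT/) next
      if ($0 ~ /-o lo( |$)/) lo_ok = 1
      if ($0 ~ /--dport (53|domain)( |$)/) dns_ok = 1
    }
    END {
      if (policy["OUTPUT"] != "DROP") exit
      if (!lo_ok)  print "OUTPUT: policy DROP, no loaded rule accepts loopback (-o lo)"
      if (!dns_ok) print "OUTPUT: policy DROP, no loaded rule accepts DNS (--dport 53)"
    }'
}

# The script from the post above, copied unchanged.
sample_script() {
  cat <<'EOF'
# optional, for over the top paranoid (and possibly limiting) security
iptables -A OUTPUT -o lo -s 127.0.0.1 -s 127.0.0.1 -j ACCEPT
iptables -A OUPTUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport http -j ACCEPT
iptables -A OUTPUT -p tcp --dport https -j ACCEPT
iptables -A OUTPUT -p tcp --dport ftp -j ACCEPT
iptables -A OUTPUT -p tcp --dport pop3 -j ACCEPT
iptables -A OUTPUT -p tcp --dport smtp -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -P OUTPUT DROP
EOF
}

sample_script | lint_rules
```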

unixfreak 08-25-2004 06:43 PM

Could anyone provide me with a new Firewall script??

Because the one above did not work. I could not view webpages.

I'm on a dial-up connection and just doing basic computing. I want a basic iptables script for my basic needs. I want all of my ports to be stealthed. I tried it with the script above but my Linux loaded very very slow and I could not view webpages and plus I could not open GEDIT to undo the changes.

Tinkster 08-25-2004 07:05 PM

Quote:

And to make it easier for you, here's a link to the
IPtables tutorials ...
And some more reading ...
Linux-Guruz iptables stuff
And another suggestion: why don't you try to
follow one thing through, rather than having a
thread about manually configuring IPtables and
one about installing guarddog ?

"If you honestly believe that you can compensate
for lack of dedication to a task by starting diverse
activities there's no limit to what you can't achieve"


Cheers,
Tink

Capt_Caveman 08-25-2004 07:06 PM

The first script that was given to you (by qwijibow) should work:

Code:

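iptables -F                          # flush all rules in the filter table
iptables -Z                          # zero the packet and byte counters
iptables -P OUTPUT ACCEPT            # allow all outbound traffic
iptables -P INPUT DROP               # silently drop inbound packets that match no rule
iptables -A INPUT -i lo -j ACCEPT    # accept loopback traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT    # accept replies to connections this host opened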

Keep in mind that the above script is extremely basic and should be further tightened; however, it should allow you to surf the internet and whatever else, and will provide "stealthing".

Please relax and read the posts thoroughly until you understand what it's telling you to do before rushing off, borking your system and then irrationally accusing those who are trying to help you of intentionally trying to screw up your system. You will save yourself a lot of aggravation...

unixfreak 08-25-2004 07:07 PM

I did in fact install Guarddog
Look at the How to Install Guarddog Thread.
I have few questions about it.
As a matter of fact, here's my question below.

I just installed the link below:

1.0.0 RPM: guidedog-1.0.0-1mdk.i586.rpm ~129Kb

But it has only Read Only because I went to Find Files and it was listed as Read Only. How could I resolve this?

Ok, I got it to Open under the Find Files List.

But under the Advanced Config Window of Guarddog, what should I do to STEALTH ALL my ports without losing my ability to view webpages??? Or Email??

But why is it Read Only????


And regarding the script, where and what area or section of the rc.local directory should I paste it to in case I decide to use it?
And will this script also boot Linux VERY VERY slow like last time???? I hope not.

And also I'm using KPPP to connect to the Internet.

unixfreak 08-25-2004 07:58 PM

Regarding the script, where and what area or section of the rc.local directory should I paste it to in case I decide to use it?
And will this script also boot Linux VERY VERY slow like last time???? I hope not.

And also I'm using KPPP to connect to the Internet.

unixfreak 08-25-2004 08:20 PM

Ok it worked.

Thanks a lot. ALL PORTS STEALTHED WITHOUT ANY PROBLEMS per GRC.com

Thanks

I saved the script onto OpenOffice for future use the next time I install Linux on another machine.


All times are GMT -5.