Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Hi, on recent advice from security questions I've been asked, I've installed iptables.
(comes with Red Hat 9)
I set it up during a complete re-install,
and set it at maximum security. It said it would not allow any incoming connections that were not user defined.
I have not defined any connections to allow yet, so decided to test it with, yep, telnet.
With my firewall up, and set to disallow all incoming connections, why is it that I'm able to telnet successfully to cups and smtp???
Should the firewall not disallow it?
I am currently reading documentation on the iptables homepage.
Are there any other resources anyone could recommend for a first time firewall user? Or will the home site be sufficient???
When you telnet the box, I'm sure you will notice that you will not be able to connect and work with it remotely, therefore the service to the box has been blocked/closed. When you telnet smtp or any other service it will respond as this port is open for an incoming connection. This is normally a good method to be used to see if the port is responding or up. When you telnet a service like smtp, for e.g., you will see a dash blinking but you will not see a login prompt, therefore there is nothing to worry about; it is just saying I'm up and ready.
I don't think there is a way to block telnet to those services. I've never heard of it, but HEY, always eager to learn.
I read the documentation and found that the initial setup I did did not actually set up any chains... (all my chains, INPUT, OUTPUT and FORWARD, are empty, and policy set to ACCEPT)
I think I know enough to input my own chains, BUT there are some things I would like to ask first.
First of all, I am going to leave my FORWARD chain empty and set its policy to REJECT (I am not using my box as a proxy / firewall to a LAN).
Also, I assume no matter what I do with IPTABLES, ALL connections made via the loopback interface (127.0.0.1) will be accepted?? (Or will I have to add that to INPUT and OUTPUT?)
My understanding of networks is very simple; I know only what I needed to know for winsock programming in Windows, but here's my understanding.
* When in a browser I type 'www.google.com/linux', the browser first looks up the name google.com on a server to get its IP address (what is this server? Will I have to add it to my OUTPUT chain????)
Then it connects to the given IP address on port 80; the remote server is only listening on port 80, and accepts the connection on a free port, let's say port X.
But I have NO idea what port the info is sent to my browser through.
As you can see, I'm still a little confused. Is there any further documentation?
Or could anyone post their INPUT / OUTPUT chains that I could look at as an example?
Thank you.
OHH, and one more thing, are the changes I make to IPTABLES instantly enforced, or do I have to restart my machine????
> I assume no matter what I do with IPTABLES, ALL connections made via the loopback interface (127.0.0.1) will be accepted?? (Or will I have to add that to INPUT and OUTPUT?)
Iptables won't allow loopback traffic unless you tell it to. Either you can just allow all INPUT traffic, which is a really, really bad idea, or you can have your default INPUT policy be DROP and then just add the rules you want, i.e. iptables -A INPUT -i lo -j ACCEPT
> * When in a browser I type 'www.google.com/linux', the browser first looks up the name google.com on a server to get its IP address (what is this server? Will I have to add it to my OUTPUT chain????)
These are your DNS nameservers. They are automagically punched through the firewall for you during the init process.
> Then it connects to the given IP address on port 80; the remote server is only listening on port 80, and accepts the connection on a free port, let's say port X. But I have NO idea what port the info is sent to my browser through.
A "clean-up" rule like this will catch all the situations where an initial connection that you initiate is handed off to a different port number:
iptables -A INPUT -p ALL -m state --state RELATED,ESTABLISHED -j ACCEPT
> Is there any further documentation?
Check out the netfilter howtos at www.netfilter.org. The FrozenTux one is pretty good. They also have example firewalls you can check out.
> OHH, and one more thing, are the changes I make to IPTABLES instantly enforced, or do I have to restart my machine?
You will have to restart iptables, but not your entire system.
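The two findings above (chains that were empty with policy ACCEPT, which is why "maximum security" still let telnet reach cups and smtp, and the loopback and RELATED,ESTABLISHED rules in the reply) fit together into one small host firewall script. The script below is an added example, not code posted in this thread or shipped with Red Hat 9 or iptables. It first audits an existing ruleset from `iptables -S` style output (constructed sample input in the usage), then builds a default-DROP ruleset for a single box that is not routing for a LAN, and explicitly opens DNS to the nameservers in a resolv.conf file so that hostname lookups keep working once OUTPUT defaults to DROP. The `IPT` variable, the function names and the sample addresses (192.0.2.x, 198.51.100.x) are this example's own choices; set `IPT=echo` to preview the commands without touching the kernel.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal stateful host firewall plus a
# check that rules are really loaded. IPT defaults to the real binary; set
# IPT=echo to print the commands instead of running them.
IPT="${IPT:-iptables}"

# Print the default policy of a chain, reading "iptables -S" style output on
# stdin (lines like "-P INPUT ACCEPT"). Fails if the chain is not in the dump.
chain_policy() {
    awk -v c="$1" '$1 == "-P" && $2 == c { print $3; found = 1 }
                   END { if (!found) exit 1 }'
}

# Count the -A rules in a chain from the same dump on stdin. Zero rules with
# policy ACCEPT means the firewall is doing nothing at all.
chain_rule_count() {
    awk -v c="$1" '$1 == "-A" && $2 == c { n++ } END { print n + 0 }'
}

# Extract nameserver addresses from a resolv.conf-style file so OUTPUT can let
# DNS through; with OUTPUT policy DROP and no DNS rule, telnet to a hostname
# fails while telnet to the bare IP still works.
resolvers_from_file() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Build the ruleset. Every command goes through $IPT.
apply_base_rules() {
    resolv="${1:-/etc/resolv.conf}"
    "$IPT" -F
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP          # this box does not route for a LAN
    "$IPT" -P OUTPUT DROP
    "$IPT" -A INPUT -i lo -j ACCEPT  # loopback in both directions
    "$IPT" -A OUTPUT -o lo -j ACCEPT
    # replies to connections this box started, whatever port they arrive on
    "$IPT" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    "$IPT" -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    for ns in $(resolvers_from_file "$resolv"); do
        "$IPT" -A OUTPUT -p udp -d "$ns" --dport 53 -j ACCEPT
        "$IPT" -A OUTPUT -p tcp -d "$ns" --dport 53 -j ACCEPT
    done
    "$IPT" -A OUTPUT -p tcp --dport 80 -j ACCEPT   # outbound web browsing
}

# Outbound SMTP to one address. The caller resolves the mail host first
# (for example with "getent hosts") and passes the IP; rules hold addresses.
smtp_rule_for_ip() {
    case "$1" in
        *[!0-9.]*|"") echo "expected a dotted-quad address, got '$1'" >&2; return 1 ;;
    esac
    "$IPT" -A OUTPUT -p tcp -d "$1" --dport 25 -j ACCEPT
}

# Usage: IPT=echo sh firewall.sh preview   (print the commands)
#        sh firewall.sh apply              (run them, as root)
case "${1:-}" in
    preview) IPT=echo; apply_base_rules ;;
    apply)   apply_base_rules ;;
esac
```

To audit a live box, pipe the real dump in: `iptables -S | chain_policy INPUT` should print DROP and `iptables -S | chain_rule_count INPUT` should be non-zero; otherwise the "firewall" is the empty ACCEPT setup described above. Rules take effect as soon as the command runs and are lost on reboot unless saved by the distribution's init script.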
But I'm still having trouble with this whole DNS thing.
Just for testing, I have my INPUT policy set to ACCEPT (no rules),
and OUTPUT policy set to DROP, with only 1 rule...
iptables -A OUTPUT -p tcp -d smtp.ntlworld.com --dport 25 -j ACCEPT
(iptables seems to automatically convert the URL into an IP address)
But all my telnet connections to that server's URL are DROPPED (unless I telnet to that server's IP address).
I assume this is my firewall stopping telnet from accessing the DNS servers????
But anyway, I've started a separate thread about this problem (don't want to be shouted at for double posting), but thank you for your reply.
Ahh, I see what's going on now. Iptables can't take a URL (smtp.ntlworld.com) as an argument with the -d option. It only accepts IP addresses, so you'll have to find out what their IP address is. I get: