LinuxQuestions.org
#1 dbraghi, 03-29-2005, 08:27 AM
SuSEfirewall - how to block outgoing connections


I have SuSE 9.1 and use SuSEfirewall. How can I block outgoing connections from the PC in the network?
For example, I would like to block outgoing connections using TCP port 4662 (eMule).
Thanks,
Davide
 
#2 Krugger, 03-30-2005, 05:52 PM
I had SuSE and didn't like the scripting of the firewall, so I deleted the init scripts and put up my own simple iptables commands.

iptables -A OUTPUT -p tcp --source-port 4662 -j DROP         # matches on the local source port

or

iptables -A OUTPUT -p tcp --destination-port 4662 -j DROP    # matches on the remote destination port

Packets will be silently discarded, or you can use -j REJECT so that the application doesn't have to wait for the timeout.
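The same idea as a small script, added here as an example and not code from Krugger's post. It assumes an iptables new enough to have the -C check option and adds what a single rule leaves out: a rate-limited LOG rule ahead of the block so refused attempts are visible in the kernel log, REJECT with a TCP reset so the client fails at once instead of retrying its SYN until the timeout, and a check so that running the script twice does not duplicate the rules. The --dport match is the one that stops "connect to a peer on 4662"; a --sport rule would instead cut the replies of a service listening locally on that port.

```shell
#!/bin/sh
# Added example, not code from the thread: refuse this host's outbound TCP
# connections to one destination port, the way Krugger's OUTPUT rules do,
# with a TCP reset and a log line in front of the block.
# Assumes iptables 1.4.11 or newer (for -C).  Apply as root with
#   ./egress-block.sh apply
# Any other user gets a dry run that only prints the commands.

DRY_RUN=${DRY_RUN:-0}
[ "$(id -u)" -eq 0 ] || DRY_RUN=1

# Print the iptables command in dry-run mode, execute it otherwise.
fw() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# add_rule CHAIN MATCH...: append the rule unless an identical one is already
# present (iptables -C), so a second run does not pile up duplicates.
add_rule() {
    chain=$1
    shift
    if [ "$DRY_RUN" = 1 ] || ! iptables -C "$chain" "$@" 2>/dev/null; then
        fw -A "$chain" "$@"
    fi
}

# block_egress_tcp PORT: log (at most 3 lines a minute) and then reject new
# outbound connections whose destination port is PORT.  --dport, not --sport:
# the remote peer listens on 4662, our side uses an ephemeral source port.
block_egress_tcp() {
    port=$1
    add_rule OUTPUT -p tcp --dport "$port" --syn -m limit --limit 3/min \
        -j LOG --log-prefix "EGRESS-BLOCK $port: "
    # tcp-reset: the application gets "connection refused" immediately,
    # whereas a plain DROP leaves it waiting for the SYN retransmit timeout.
    add_rule OUTPUT -p tcp --dport "$port" -j REJECT --reject-with tcp-reset
}

if [ "${1:-}" = "apply" ]; then
    block_egress_tcp 4662      # the eMule TCP port from the question
    [ "$DRY_RUN" = 0 ] || echo "dry run (not root): nothing was applied" >&2
fi
```

After applying, iptables -L OUTPUT -n --line-numbers shows the two rules in order, and blocked attempts appear in dmesg with the EGRESS-BLOCK prefix. Note that REJECT only helps applications on this host; for a gateway blocking other machines' traffic the FORWARD chain is the place, as the next reply describes.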
 
#3 Present, 04-02-2005, 05:20 PM
Would you mind giving a couple-line example for configuring iptables to allow only Evolution and Firefox to access the internet, for instance?
 
#4 jerky, 04-02-2005, 07:27 PM
forward chain

If you are forwarding internet by masquerading your internal network, such as with a rule

iptables -t nat -A POSTROUTING -o eth-external -j MASQUERADE
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

you should insert a rule above the FORWARD chain's ESTABLISHED,RELATED rule to expressly deny port 4662. Since you are trying to block it as a destination port, you will only need the --dport flag in your forward rule:

iptables -t nat -A POSTROUTING -o eth-external -j MASQUERADE
iptables -A FORWARD -p tcp --dport 4662 -j DROP    # or -j REJECT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth-internal -s 192.168.0.0/24 -j ACCEPT
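The gateway case as a complete script, added as an example and not jerky's code. The interface names WAN=eth0 and LAN=eth1 and the prefix 192.168.0.0/24 are assumptions to be replaced with your own, and -m conntrack --ctstate is the current spelling of the older -m state --state match used above. The script starts the FORWARD chain with a DROP policy, masquerades only traffic from the LAN prefix, and places the REJECT for port 4662 ahead of the ESTABLISHED,RELATED rule so that a transfer already running when the rules load is cut as well.

```shell
#!/bin/sh
# Added example, not code from the thread: a minimal masquerading gateway
# that forwards its LAN to the internet and refuses the LAN's outbound
# TCP 4662 in the FORWARD chain.  WAN, LAN and LAN_NET are assumed names;
# set them for your box.  Apply as root with ./gateway.sh apply; any
# other user gets a dry run that only prints the commands.

WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-192.168.0.0/24}
BLOCK_TCP=${BLOCK_TCP:-4662}         # space-separated destination ports to refuse

DRY_RUN=${DRY_RUN:-0}
[ "$(id -u)" -eq 0 ] || DRY_RUN=1

# Print the iptables command in dry-run mode, execute it otherwise.
fw() {
    if [ "$DRY_RUN" = 1 ]; then printf 'iptables %s\n' "$*"; else iptables "$@"; fi
}

gateway_rules() {
    # Start from an empty FORWARD chain whose policy drops whatever the
    # rules below do not explicitly accept.
    fw -F FORWARD
    fw -P FORWARD DROP
    fw -t nat -F POSTROUTING

    # This is the rule that hides the LAN behind the WAN address; a target
    # of ACCEPT in nat POSTROUTING would translate nothing.
    fw -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN" -j MASQUERADE

    # The blocks go before the ESTABLISHED,RELATED rule.  Placed after it, a
    # download already in progress when the rules were loaded would keep
    # matching as an established connection and never be cut.
    for p in $BLOCK_TCP; do
        fw -A FORWARD -i "$LAN" -p tcp --dport "$p" -j REJECT --reject-with tcp-reset
    done

    fw -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New connections are forwarded only from the LAN towards the WAN; the
    # -s match drops packets arriving on the LAN side with a foreign source.
    fw -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -m conntrack --ctstate NEW -j ACCEPT
}

# Routing between interfaces is off by default on Linux; the rules do
# nothing until it is switched on.
enable_forwarding() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "sysctl -w net.ipv4.ip_forward=1"
    else
        sysctl -w net.ipv4.ip_forward=1
    fi
}

if [ "${1:-}" = "apply" ]; then
    enable_forwarding
    gateway_rules
fi
```

A REJECT in FORWARD sends the reset to the LAN client, so its eMule gives up immediately; with DROP the client retries until its own timeout. Check the order afterwards with iptables -L FORWARD -n --line-numbers: the REJECT line must carry a lower number than the ESTABLISHED,RELATED line.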
 
#5 Skyline, 04-02-2005, 09:08 PM
Quote:
would you mind giving a couple line example for configuring IP Table to allow only evolution and firefox to access the internet for instance?
There might be a module that facilitates this functionality? I'm not sure, though; somebody else might be able to guide you further on that particular point. However, on a related point, it's worth mentioning for newer users that you can still deploy some useful egress (outbound) filtering ideas via iptables. As an example, looking at the outbound filtering aspect for a possible workstation script:

Code:
iptables -P OUTPUT DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m multiport --dports 80,110,443 -j ACCEPT
As you can see, in a relatively straightforward manner, you can drop all outbound connections except for access to ports which you explicitly define. Admittedly, this isn't discriminating on a per-application basis, but it's a step in the right direction.

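The module Skyline is thinking of is the owner match: iptables cannot tell programs apart by name, but in the OUTPUT chain it knows which local user owns the socket a packet came from (-m owner --uid-owner), so "only Firefox and Evolution may reach the internet" becomes "only the accounts they run as may", e.g. by starting them with sudo -u browser firefox and sudo -u mail evolution. The script below is an added example, not Skyline's code; it keeps the default-deny OUTPUT policy from the post and assumes an uplink named eth0, dedicated accounts "browser" and "mail" that exist before the rules load, DNS over UDP 53, and mail over POP3, IMAP and submission ports.

```shell
#!/bin/sh
# Added example, not code from the thread: Skyline's default-deny OUTPUT
# policy extended with per-user allow rules via the owner match.
# Assumptions: uplink eth0; Unix accounts "browser" and "mail" exist.
# Apply as root with ./egress.sh apply; other users get a dry run.

IFACE=${IFACE:-eth0}
DRY_RUN=${DRY_RUN:-0}
[ "$(id -u)" -eq 0 ] || DRY_RUN=1

# Print the iptables command in dry-run mode, execute it otherwise.
fw() {
    if [ "$DRY_RUN" = 1 ]; then printf 'iptables %s\n' "$*"; else iptables "$@"; fi
}

# allow_user_tcp USER PORTS: let USER open TCP connections to PORTS (comma
# separated) on the uplink; everyone else stays under the DROP policy.
# The owner match only sees locally generated packets, which is why this
# works in OUTPUT and is useless in FORWARD.
allow_user_tcp() {
    fw -A OUTPUT -o "$IFACE" -p tcp -m multiport --dports "$2" \
        -m owner --uid-owner "$1" -j ACCEPT
}

egress_rules() {
    fw -F OUTPUT
    fw -P OUTPUT DROP
    fw -A OUTPUT -o lo -j ACCEPT
    # Without this, replies from local servers (sshd, for instance) to
    # connections that INPUT accepted are dropped by the policy as well.
    fw -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Name resolution for every user, otherwise nothing connects at all.
    fw -A OUTPUT -o "$IFACE" -p udp --dport 53 -j ACCEPT
    allow_user_tcp browser 80,443
    allow_user_tcp mail 110,143,587,993,995
    # Whatever falls through is logged (rate limited) and then dropped by
    # the policy, which shows you which program you forgot to allow.
    fw -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "EGRESS-DROP: "
}

if [ "${1:-}" = "apply" ]; then
    egress_rules
fi
```

Two caveats a practitioner will hit: root's own processes (package updates, cron jobs) are under the DROP policy too, so each needs its own --uid-owner rule, and anything that runs as the "browser" account, not just Firefox, gets the same access, so the account should have no other use.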