LinuxQuestions.org
Old 07-12-2001, 04:38 AM   #16
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31

You could do that, but you have to check if you're running any ports as unprivileged above 1023.

Like 6000 X windows.
Also you can't stop Unix tracerouting.

It's also better for logging if you put in a solid rule set.

/raz
 
Old 07-13-2001, 06:36 PM   #17
Chypmunk
Member
 
Registered: Mar 2001
Distribution: redhat 7.0
Posts: 75

Original Poster
Rep: Reputation: 15
Alright, a solid rule set... (Windoze firewalls are so much easier)...
So I have a Linux box (desktop, not serving or routing) I want to keep from remote access/administration. I want to be able to use the internet (www/ftp) and e-mail. That's it. What would a solid rule set look like for a computer like that?

Thank you
Chyp
 
Old 07-16-2001, 06:32 AM   #18
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
That's why Windoze gets a lot of stick, 'cause it's not as secure and doesn't conform 100% to the TCP/IP RFCs.

If the desktop is behind the router/firewall, then unless you're paranoid you don't normally secure it. "That's the firewall's job."
Or you have a DMZ where you start having a tri-homed firewall design to increase security.

Anyway,
You just have to think in port numbers.

So you want to only allow your firewall to connect to some services and Reject the others.

Allow outgoing tcp 21 "ftp"
Allow outgoing tcp 20 "ftp passive"
Allow outgoing tcp 80 "http"
Allow outgoing tcp 443 "https"
Allow outgoing tcp 53 "DNS"
Allow outgoing udp 53 "DNSr"

Allow incoming tcp source port 80 destination above 1023
Allow incoming tcp source port 21 destination above 1023
Allow incoming tcp source port 20 destination above 1023
Allow incoming tcp source port 443 destination above 1023
Allow incoming tcp static source port 53 destination above 1023
Allow incoming udp static source port 53 destination above 1023
Reject all other connections

If you read my script from my previous post, this is what it does. There is no quick fix or shortcut when it comes to security, otherwise why bother with a firewall, just turn off the services you don't use instead.

It also answers your question "What would a solid rule set look like for a computer like that?"

I suggest you understand the fundamentals of TCP/IP by reading some books like "Internet core protocols" then it's a lot easier to create your own firewall as it's unique to your requirements. I could show you what yours should look like but I don't know your ISP, your DNS, your mail provider and your security requirements and you won't learn how to do it.

/Raz
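
The rule list in post #18, modelled as a stateless filter, as an added example that is not part of the thread and not raz's script: it checks which local listeners above 1023 (such as X on 6000, mentioned in post #16) a new inbound connection can still reach. The `LISTENERS` sample and the `block_inbound_syn` refinement are assumptions made for this example.

```python
# Added example: stateless model of the rule list in post #18 (not raz's script).
from collections import namedtuple

# syn_only=True means a TCP packet with SYN set and ACK clear (a new connection).
Packet = namedtuple("Packet", "direction proto sport dport syn_only",
                    defaults=(False,))

OUT_TCP = {20, 21, 80, 443, 53}     # outgoing destination ports from the post
OUT_UDP = {53}
IN_TCP_SRC = {20, 21, 80, 443, 53}  # incoming source ports from the post
IN_UDP_SRC = {53}


def verdict(pkt, block_inbound_syn=False):
    """Return "ACCEPT" or "REJECT" for one packet under the post's rule list.

    block_inbound_syn is an assumed refinement, not part of the post: refuse
    inbound TCP packets that try to open a new connection.
    """
    if pkt.proto not in ("tcp", "udp"):
        return "REJECT"                       # "Reject all other connections"
    if pkt.direction == "out":
        allowed = OUT_TCP if pkt.proto == "tcp" else OUT_UDP
        return "ACCEPT" if pkt.dport in allowed else "REJECT"
    if pkt.dport <= 1023:                     # inbound rules only cover >1023
        return "REJECT"
    if pkt.proto == "tcp":
        if block_inbound_syn and pkt.syn_only:
            return "REJECT"
        return "ACCEPT" if pkt.sport in IN_TCP_SRC else "REJECT"
    return "ACCEPT" if pkt.sport in IN_UDP_SRC else "REJECT"


def exposed_listeners(listeners, block_inbound_syn=False):
    """Local TCP listening ports a new inbound connection could still reach."""
    def reachable(port):
        return any(
            verdict(Packet("in", "tcp", src, port, True), block_inbound_syn)
            == "ACCEPT" for src in IN_TCP_SRC)
    return [port for port in listeners if reachable(port)]


# Constructed sample: TCP listeners on a desktop (6000 is X, from post #16).
LISTENERS = [22, 111, 6000]

if __name__ == "__main__":
    print("reachable as posted:", exposed_listeners(LISTENERS))
    print("with inbound SYN refused:", exposed_listeners(LISTENERS, True))
```

Refusing inbound SYN also refuses active-mode FTP data connections, which the server opens from source port 20 as new connections.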