Ok no problem, I already deleted the script that I had put in.
Of course, this iprules script did not work, either it was too aggressive or I don't know. My question is, I am only using Linux for the Internet, Email, and offline stuff. Like I said, I did a Common Ports Test and it showed all the Common Ports to be CLOSED instead of Stealth. I want to be able to put in a script which will fulfill my basic needs of computing. I have never created an iptables or iprules before. I will ask GENTLY, if someone could provide me a script that will not mess up the system next time. I was very angry and I know I took it out on everyone who was trying to help me. I was ANGRY at Linux, Yes, Linux. I was angry at the fact that why can't they make Linux easier for at least an average user. That's it. Now back to normal. And BTW, do CLOSED Ports mean that my Linux will be compromised????? Or, are CLOSED Ports not so bad as OPEN ones? |
NO one but your sys-admin should be setting up
those rules for you. If that happens to be you, you have bitten off more than you can chew. Don't be angry with Linux if you try to run before you have even learnt to crawl in terms of Linux administration. Linux didn't make you rush things. As far as "open" and "stealth" goes - it's arguable which one is better. In terms of "TCP/IP etiquette" the closed is the "politically correct" way of dealing with scans. It's done with the reject rule. Stealth you can achieve by just dropping the packages... that, however, means that the other machine (which, for all you know, may be legitimately trying to contact your box) has to make several attempts at reaching you to see whether it wasn't just a network fluke. Dropping however is "safer" as it (to a large extent) hides the presence of the host. Neither mode makes you vulnerable, closed just lets potential intruders know that you exist. Cheers, Tink |
Could someone please explain to me what went wrong with this iprules code below? I could not view the webpages. Maybe it was too aggressive, I don't know. Look below:
# optional, for over the top paranoid (and possibly limiting) security
iptables -A OUTPUT -o lo -s 127.0.0.1 -s 127.0.0.1 -j ACCEPT
iptables -A OUPTUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport http -j ACCEPT
iptables -A OUTPUT -p tcp --dport https -j ACCEPT
iptables -A OUTPUT -p tcp --dport ftp -j ACCEPT
iptables -A OUTPUT -p tcp --dport pop3 -j ACCEPT
iptables -A OUTPUT -p tcp --dport smtp -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -P OUTPUT DROP

I just want a code that would allow me to view webpages and email and to make all the ports stealth. Thanks- I want to know what went wrong. Why I couldn't view webpages. And also, the fact why I could not open GEDIT to undo the problem. |
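Added example (not part of the thread, and not any poster's code): a small checker run over the rules quoted in the post above. It assumes two iptables behaviours, that a rule naming a nonexistent chain or repeating a flag such as `-s` is refused rather than loaded, and that once the OUTPUT policy is DROP, loopback and DNS traffic pass only if a loaded rule accepts them; `lint_output_rules` and `has` are hypothetical names.

```python
# Constructed sample: the OUTPUT rules quoted in the post above, one per line.
SCRIPT = """\
iptables -A OUTPUT -o lo -s 127.0.0.1 -s 127.0.0.1 -j ACCEPT
iptables -A OUPTUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp --dport http -j ACCEPT
iptables -A OUTPUT -p tcp --dport https -j ACCEPT
iptables -A OUTPUT -p tcp --dport ftp -j ACCEPT
iptables -A OUTPUT -p tcp --dport pop3 -j ACCEPT
iptables -A OUTPUT -p tcp --dport smtp -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -P OUTPUT DROP
"""
ONCE_ONLY = ("-s", "-d", "-p", "-i", "-o", "-j")  # iptables refuses repeats

def has(tok, flag, values):
    """True if `flag` is directly followed by one of `values`."""
    return any(a == flag and b in values for a, b in zip(tok, tok[1:]))

def lint_output_rules(script):
    """Hypothetical checker: return (line_no, message) findings."""
    chains = {"INPUT", "OUTPUT", "FORWARD"}  # filter-table built-ins
    findings, loaded, drop_line = [], [], None
    for no, line in enumerate(script.splitlines(), 1):
        tok = line.split("#", 1)[0].split()
        if tok[:1] != ["iptables"]:
            continue
        if "-N" in tok:  # user-defined chain becomes a valid -A target
            chains.add(tok[tok.index("-N") + 1])
        elif has(tok, "-P", {"OUTPUT"}) and tok[-1] == "DROP":
            drop_line = no
        elif "-A" in tok:
            chain = tok[tok.index("-A") + 1]
            errs = [f"unknown chain {chain}"] if chain not in chains else []
            errs += [f"{f} given twice" for f in ONCE_ONLY if tok.count(f) > 1]
            findings += [(no, e + ": rule is not loaded") for e in errs]
            if not errs and chain == "OUTPUT" and has(tok, "-j", {"ACCEPT"}):
                loaded.append(tok)
    if drop_line:  # default-deny egress: these must be accepted explicitly
        if not any(has(t, "-o", {"lo"}) for t in loaded):
            findings.append((drop_line, "loopback output is dropped"))
        if not any(has(t, "--dport", {"53", "domain"}) for t in loaded):
            findings.append((drop_line, "DNS (port 53) output is dropped"))
    return findings

if __name__ == "__main__":
    print(*lint_output_rules(SCRIPT), sep="\n")
```

On the quoted rules it flags lines 1 and 2 as not loaded and, at the DROP policy on line 9, reports that neither loopback nor DNS output is accepted.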
Could anyone provide me with a new Firewall script??
Because the one above did not work. I could not view webpages. I'm on a dial-up connection and just doing basic computing. I want a basic iptables script for my basic needs. I want all of my ports to be stealthed. I tried it with the script above but my Linux loaded very very slow and I could not view webpages and plus I could not open GEDIT to undo the changes. |
Quote:
follow one thing through, rather than having a thread about manually configuring IPtables and one about installing guarddog ? "If you honestly believe that you can compensate for lack of dedication to a task by starting diverse activities there's no limit to what you can't achieve" Cheers, Tink |
The first script that was given to you (by qwijibow) should work:
Code:
iptables -F

Please relax and read the posts thoroughly until you understand what it's telling you to do before rushing off, borking your system and then irrationally accusing those who are trying to help you of intentionally trying to screw up your system. You will save yourself a lot of aggravation... |
I did in fact install Guarddog
Look at the How to Install Guarddog Thread. I have a few questions about it. As a matter of fact, here's my question below. I just installed the link below: 1.0.0 RPM: guidedog-1.0.0-1mdk.i586.rpm ~129Kb But it has only Read Only because I went to Find Files and it was listed as Read Only. How could I resolve this? Ok, I got it to Open under the Find Files List. But under the Advanced Config Window of Guarddog, what should I do to STEALTH ALL my ports without losing my ability to view webpages??? Or Email?? But why is it Read Only???? And regarding the script, where and what area or section of the rc.local directory should I paste it to in case I decide to use it? And will this script also boot Linux VERY VERY slow like last time???? I hope not. And also I'm using KPPP to connect to the Internet. |
regarding the script, where and what area or section of the rc.local directory should I paste it to in case I decide to use it?
And will this script also boot Linux VERY VERY slow like last time???? I hope not. And also I'm using KPPP to connect to the Internet. |
Ok it worked.
Thanks a lot. ALL PORTS STEALTHED WITHOUT ANY PROBLEMS per GRC.com Thanks I saved the script onto OpenOffice for future use the next time I install Linux on another machine. |