Linux - Security
This forum is for all security-related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Yes, you're right, it's very basic. I DO NOT use any web servers, or anything hardcore like that. Just Internet and email. That's it. And offline stuff.
Now, to stealth all my ports EXCEPT Internet and email, how would I do that exactly? I saw the script that you posted above. Should I copy/paste it into a text editor??? Or I don't know how this works.
Where in Linux are the firewall script configs located??? I see people posting iptables scripts but I do not know where to put these scripts, or where or how to configure them.
Or, if you don't mind, could you please post the script for my basic needs and then explain to me where to put this script???
I'm a real newbie in Linux security. I read sooooo many articles on Linux security and I still do not get the point.
Please explain the exact steps for doing this. Also I typed in "iptables -h" as a command and it came up with things that I do not understand.
I would very much appreciate it.
A few notes: I'm using a dial-up connection. With a dynamic IP address... I assume.
In the directory "/etc/shorewall" are two files: "rules" and "policy". Could you post the contents of those files here for us to take a look at? Note that there are a lot of comments (lines starting with #) in both these files; please skip those, they are not necessary and will clutter your post.
Okay... sorry, you sounded like you knew a little about firewalls when I landed that script on you...
Okay... a closed port will reply to an attempted connection with a "go away" message... a stealthed port will just drop the connection attempt.
The only rule that affects non-local traffic in that script is the ESTABLISHED,RELATED rule...
This rule uses clever connection tracking to determine who started the connection.
If the connection was started by your machine... for example, your machine requesting a web page from Google... then the ESTABLISHED rule allows Google to reply...
But if, for example, Google sent you a message without you requesting it, then the message will be totally ignored, and Google assumes you are not online.
So, all your ports are stealthed... EXCEPT for when another machine is replying to a connection you started.
The script I wrote has no restrictions on outgoing traffic... so you can use any clients... if you want to be ultra-paranoid... add these rules...
iptables -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DNS lookups: without this rule no hostname will resolve once OUTPUT is DROP
iptables -A OUTPUT -p udp --dport domain -j ACCEPT
iptables -A OUTPUT -p tcp --dport http -j ACCEPT
iptables -A OUTPUT -p tcp --dport https -j ACCEPT
iptables -A OUTPUT -p tcp --dport ftp -j ACCEPT
iptables -A OUTPUT -p tcp --dport pop3 -j ACCEPT
iptables -A OUTPUT -p tcp --dport smtp -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -P OUTPUT DROP
With these additions, your machine will only be able to...
* send and receive email
* download files
* browse the internet
* browse the internet through encrypted connections
* ping other people, but not let other people ping you.
Basically, to put the rules into effect...
copy this text, and paste it at the bottom of your rc.local (which will be somewhere in your /etc/rc.d or /etc/init.d folder, depending on your distro). Also, disable shorewall.
Code:
# load FTP connection tracking so FTP data connections count as RELATED
modprobe ip_conntrack_ftp
iptables -F
iptables -Z
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# optional, for over the top paranoid (and possibly limiting) security
# (shell comments start with #; a // line is not a comment in sh)
iptables -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DNS lookups: without this rule no hostname will resolve once OUTPUT is DROP
iptables -A OUTPUT -p udp --dport domain -j ACCEPT
iptables -A OUTPUT -p tcp --dport http -j ACCEPT
iptables -A OUTPUT -p tcp --dport https -j ACCEPT
iptables -A OUTPUT -p tcp --dport ftp -j ACCEPT
iptables -A OUTPUT -p tcp --dport pop3 -j ACCEPT
iptables -A OUTPUT -p tcp --dport smtp -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -P OUTPUT DROP
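The same "stealth" rule set as the post above, written up as an added example that is not code from the original poster or from the thread's script author. It keeps the two ideas from the explanation (INPUT policy DROP so unsolicited packets get no reply at all, and a single conntrack rule that admits only replies to connections this host started), but builds the rules as an iptables-restore file so the whole set is loaded in one atomic step rather than pasted line by line into rc.local, where there is a window with policy DROP and no ACCEPT rules. It also opens outbound DNS, which the original list omits: with OUTPUT policy DROP and no port 53 rule, no hostname resolves, and anything that looks up a name at boot sits waiting for a timeout. The file path in RULES_FILE and the "apply"/"reset" arguments are this example's own assumptions, not anything from the page; `-m conntrack --ctstate` is the current spelling of the `-m state --state` match the post uses, and `nf_conntrack_ftp` the current name of `ip_conntrack_ftp`. The `reset_rules` function is the undo sequence to type at a root console if the rule set locks the machine up.

```shell
#!/bin/sh
# Added example (not from the original post). Generates the "stealth"
# ruleset in iptables-save format and loads it atomically with
# iptables-restore. Assumptions: RULES_FILE path and the apply/reset
# arguments are illustrative; iptables and iptables-restore are installed.
# Run as root with "apply" to load, "reset" to undo; no argument = dry run.

RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"

# Emit the ruleset. INPUT policy DROP is what "stealths" a port: an
# unsolicited SYN gets no answer at all, whereas a "closed" port (REJECT)
# answers with a TCP RST or an ICMP unreachable. The ESTABLISHED,RELATED
# rule is the only thing that admits non-local traffic, and only as
# replies to connections this host opened.
gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback: local programs talking to local services
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to connections we opened (RELATED covers the FTP data channel)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNS: missing from the original list; without it no hostname resolves
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
# the client protocols the post allows: http, https, ftp, pop3, smtp
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp --dport 110 -j ACCEPT
-A OUTPUT -p tcp --dport 25 -j ACCEPT
# we may ping others; nobody can ping us (INPUT policy drops the request)
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# True if the generated ruleset opens outbound TCP to the given port.
allows_out_tcp() {
    gen_rules | grep -q -- "^-A OUTPUT -p tcp --dport $1 -j ACCEPT"
}

# Write the file, syntax-check it, then load it in one transaction so
# there is never a moment with policy DROP and no ACCEPT rules in place.
apply_rules() {
    # nf_conntrack_ftp is the current name of the ip_conntrack_ftp module
    # the post loads; it marks FTP data connections RELATED to the control one
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
    gen_rules > "$RULES_FILE"
    # --test parses and builds the set without committing: catches a typo
    # before it can lock us out
    iptables-restore --test < "$RULES_FILE" || return 1
    iptables-restore < "$RULES_FILE"
}

# Undo everything: what to type at a root console if the ruleset locks the
# machine up. Policies go back to ACCEPT before the flush so nothing is
# dropped in between.
reset_rules() {
    for chain in INPUT FORWARD OUTPUT; do
        iptables -P "$chain" ACCEPT
    done
    iptables -F
    iptables -X
    iptables -Z
}

case "${1:-}" in
    apply) apply_rules ;;
    reset) reset_rules ;;
    *)     gen_rules ;;   # dry run: print what would be loaded
esac
```

Run it once without arguments and read the output before running `apply`; to make it persist, point the distro's iptables init script at `$RULES_FILE` (or run `iptables-restore < $RULES_FILE` from rc.local) instead of pasting individual `iptables` commands there.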
This is the way I did it. Please tell me if this is right.
Do I need to restart the computer for this to take effect???
Look below:
This is my (rc.local) file with the pasted script rules:
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
# optional, for over the top paranoid (and possibly limiting) security
Also you did not tell me if the above actions in (Post #7) that I posted were correct or not. Please tell me if I pasted the script in the right position. I would appreciate it.
And also you did not mention which script rules I have to paste for maximum security.
WHAT DID YOU DO TO MY SYSTEM!!!!!!!!!!!!!???????????????????
IT TOTALLY CRASHED ON BOOT UP!!!!!!!!!!!!!!!!!!!!!
NOW I CAN'T EVEN OPEN UP GEDIT TO DELETE THE SCRIPT I PASTED.
WHEN I BOOT UP LINUX, IT SHOWS INITIALIZING SERVICES FOR ABOUT 5 MINUTES AND THEN IT STARTS TO LOAD UP THE APPLICATIONS AND ICONS ON THE DESKTOP VERY VERY SLOWLY.
Does your system boot up? I would assume that it does, since you only made firewall changes. When the system starts up, just jump over to a console screen, log in as root, edit rc.local with vi, and reboot.
Originally posted by unixfreak: WHAT DID YOU DO TO MY SYSTEM!!!!!!!!!!!!!???????????????????
IT TOTALLY CRASHED ON BOOT UP!!!!!!!!!!!!!!!!!!!!!
NOW I CAN'T EVEN OPEN UP GEDIT TO DELETE THE SCRIPT I PASTED.
WHEN I BOOT UP LINUX, IT SHOWS INITIALIZING SERVICES FOR ABOUT 5 MINUTES AND THEN IT STARTS TO LOAD UP THE APPLICATIONS AND ICONS ON THE DESKTOP VERY VERY SLOWLY.
NOW HOW COULD I FIX THIS PROBLEM??? :mad: :mad: :mad: :mad: :mad: :mad:
How about starting to actually read the man pages and the excellent tutorials on the iptables homepage, instead of trying to get others to make sense of your postings and abusing them when what they're trying doesn't quite produce what you expect?
And more to the point, why don't you go and work through Machtelt's guide to Linux and the Rute tutorial before trying to use a Linux install in real life?
People commonly don't start up a truck without having used a motor vehicle in the past and then yell for support and instructions at people passing by....