Newbie Security, Nmap and Hosts.Allow
I am running a firewall/gateway called Clarkconnect, behind which are two MAC os X machines and one linux fedora core 1 machine. I don't think that I run any services on the clarkconnect box that I don't need, i.e. no web server etc. That's what the others are for !.
I ran nmap on both eth0 and eth1 on the Clarkconnect box and found the following ports open on both interfaces.
22/ tcp sshd
81/tcp hosts2-ns
82/tcp xfer
2000/tcp callbook
I did a little searching on the net and the last three seem pretty benign services, but nonetheless, I want to shut 82 and 2000 down and close off access to 22 and 81 except from one of my mac os x machines. I can use the webconfig on the clarkconnect box to close off ports 82 and 2000.
I think that I can close the other two in iptables and/or in hosts.allow and hosts. deny. So my question is, is this the recommended way to do this?
in my firewall script rc.firewall i thought I would add the following
$IPTABLES -A INPUT -i $INSIDE -s 192.168.1.203 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT
$IPTABLES -A FORWARD -i $INSIDE -s 192.168.1.203 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT
In hosts access control lists i thought I would add the following:
Hosts.deny
ALL:ALL
Hosts.allow
ALL:192.168.1.203 (this being the ip of the MAC os X machine)
Could someone tell me if these are done correctly? Also will I cut off web access on port 80 to the other machines? Thanks for your help
|