LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-03-2005, 03:11 PM   #1
debtman7
LQ Newbie
 
Registered: Aug 2005
Posts: 4

Rep: Reputation: 0
remote firewall setup


Hello,

I have a hosted VPS set up running Fedora Core 3. A scant 8 hours after setup, it was hacked... So now I am trying to lock it down properly, but having some problems. It seems, as far as I can tell, the default fedora security tool (lokkit) to configure the firewall does not actually work. When you fire it up and tell it to only allow ssh and www, it generates the following:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2058:139501]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

OK great. For some reason when you only want ssh, it defaults to accept everything. Huh? Am I doing something wrong here, or is this tool just this stupid? The last parts says reject, but even with this setup I can still portscan other ports and telnet to them.

Anyway, the problem here is that I only have remote ssh access, I can't sit down at this box. So, how am I supposed to go about setting the default policy to DROP for proper security? Obviously if I just do the iptables command for that I'm locked out of the box... Can I save the config to a file, edit it and then load it without kicking me off? I'm a bit scared to try Also I'm not sure what the appropriate file syntax is, since all the iptables documentation is on using the iptables command. I just want the firewall to allow ssh and http, with everything else completely blocked.
 
Old 08-03-2005, 03:22 PM   #2
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Debian, Android
Posts: 1,819

Rep: Reputation: 46
The way I manage this is also with ssh. An iptables bash script is a nice way to deliver the rules and edit the rules while seeing the big picture.

You are correct lokkit is trash, and has always been. All the major GUI's for iptables are severely lacking in my opinion.

Start your script with the following lines and your default policies will be set correctly

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A INPUT -p tcp -i eth0 -s <yourip> --dport 22 -j ACCEPT <---- This allows SSH from your ip only.

and so forth. If you get stuck post the problem. There are a few iptables gurus here that are really good at this kind of setup. I do ok, but there are better.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
remote desktop to Win2k3 through linux firewall shax Linux - Networking 2 06-08-2012 06:59 AM
ssh and other remote access to a firewall. Insane? fipeso Linux - Security 9 05-04-2005 12:37 AM
Remote access behind firewall MicroSun Linux - Networking 7 02-23-2005 02:44 PM
help with client side NFS-firewall setup and server side NIS-firewall setup niverson Linux - Networking 3 02-02-2004 08:52 AM
Remote login to an intranet server behind firewall? J_Szucs Linux - Newbie 3 07-20-2002 11:49 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration