LinuxQuestions.org
06-30-2019, 12:16 AM   #1
FOSSilized_Daemon
Member
 
Registered: Mar 2019
Posts: 188

Rep: Reputation: 13
router, tor, i2p and iptables


Hello all, in an effort to work on the security of my machine I am learning about iptables and have a few questions. I have written a rules list for my setup (I got some from a guide and others from docs), which can be found here: https://gitlab.com/Puffles_the_Drago...iptables-rules (it's just big and I feel like it'd take too much space in the post). I have added rules for eth0 and iwn0 (my wifi, but I actually may need to script around this for portability, like writing this so that I can pass in my wifi interface), and I am feeling pretty good about it. Just one thing: I like to use tor and i2p for privacy reasons and wanted to ask, how do I allow those? Along with that, I know that for DNS I need to accommodate my router (such as):

Code:
-A INPUT -i ens3 -s 000.000.0.0 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o ens3 -d 000.000.0.0 -p udp --dport 53 -m udp -j ACCEPT
What if I don't know my router IP? I ask because A) I don't, and I am not allowed to access that info (I am a teenager and that is a whole big thing for some reason), and B) this is on my laptop, and if I travel I need to accommodate. If I leave this out, does DNS work? I.e., if I don't disallow it, it works? The issue is I have

Code:
-A INPUT -j REJECT
-A FORWARD -j REJECT
-A OUTPUT -j REJECT
and really would like to keep it (so no, it wouldn't work if I left it out). How would I work with this?

My second question is in relation to SSH. I, being on a laptop, don't want or need to be able to ssh into this machine. What would be the proper configuration for this? All I can find are things like this:

Code:
# Input
-A INPUT -i ens3 -p tcp -m state --state NEW,ESTABLISHED --dport 22 -j ACCEPT
-A OUTPUT -o ens3 -p tcp -m state --state ESTABLISHED --sport 22 -j ACCEPT
# Output
-A OUTPUT -o ens3 -p tcp -m state --state NEW,ESTABLISHED --dport 22 -j ACCEPT
-A INPUT -i ens3 -p tcp -m state --state ESTABLISHED --sport 22 -j ACCEPT
Now, to me, I imagine I just disallow (remove) the rules for input; is this right? Also, does ens3 get replaced with eth0/wifi card? I have never seen that before (pulled off an example a few hours ago).

Also, any good recommendations for running iptables automatically?
 
06-30-2019, 03:18 AM   #2
battlestationX
LQ Newbie
 
Registered: Jun 2019
Posts: 16

Rep: Reputation: Disabled
IDK, but you should know that iptables is getting phased out by nftables and BPF. With the latter being the best, 'cause BSD uses it and so does pfSense (and it just recently got implemented into the Linux kernel). BPF has a much cleaner syntax.

Last edited by battlestationX; 06-30-2019 at 03:20 AM.
 
07-13-2019, 07:13 PM   #3
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian 6+, CentOS 5+
Posts: 1,323

Rep: Reputation: 100
Well, as far as not needing to ssh into the laptop, just make sure you don't have the ssh server package installed. If it's not installed and not running, blocked or not, it's not a threat. Also, it is easiest to use your chain and block everything, then only open what you need.
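
One way to handle the open points in the thread (an unknown router address, an interface name that changes, no inbound SSH), as an added example that is not from any poster: a script that reads the resolvers from resolv.conf and prints a rule set for the interface passed in. The function names and the file name gen-rules.sh are hypothetical, and it uses the conntrack match where the posts use the state match.

```shell
#!/bin/sh
# Added example: print an iptables-restore rule set for one interface.
# Usage (gen-rules.sh is a hypothetical name): sh gen-rules.sh IFACE [RESOLV_CONF]
# Assumption: RESOLV_CONF (default /etc/resolv.conf) lists the resolvers the
# current network handed out. Where it only lists a loopback stub resolver,
# pass the file that holds the upstream servers instead.

# Print the IPv4 "nameserver" entries of a resolv.conf-style file.
resolvers() {
    awk '$1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2 }' "$1"
}

gen_rules() {
    iface=$1
    conf=${2:-/etc/resolv.conf}
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $iface" >&2; return 1 ;;
    esac
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Loopback traffic between local programs.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Packets of connections this machine opened. No NEW inbound connection
    # is accepted anywhere, so there is no inbound port 22 rule at all.
    echo "-A INPUT -i $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -o $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # DHCP client traffic, needed to get a lease on a new network.
    echo "-A OUTPUT -o $iface -p udp --sport 68 --dport 67 -j ACCEPT"
    echo "-A INPUT -i $iface -p udp --sport 67 --dport 68 -j ACCEPT"
    # DNS only to the resolvers currently configured, whatever their address.
    for ns in $(resolvers "$conf"); do
        echo "-A OUTPUT -o $iface -d $ns -p udp --dport 53 -j ACCEPT"
        echo "-A OUTPUT -o $iface -d $ns -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Outbound SSH to other hosts.
    echo "-A OUTPUT -o $iface -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    # Final catch-all, as in the first post.
    echo '-A INPUT -j REJECT'
    echo '-A FORWARD -j REJECT'
    echo '-A OUTPUT -j REJECT'
    echo 'COMMIT'
}

if [ $# -gt 0 ]; then gen_rules "$@"; fi
```

The output can be reviewed and then piped to iptables-restore as root; re-running it after joining a different network makes the DNS rules follow the new resolvers. Rules for other outbound traffic (web, Tor, i2p) would go before the final REJECT lines.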
 
  



All times are GMT -5. The time now is 06:52 PM.
