Old 02-11-2005, 10:40 PM   #16
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379

Quote:
Originally posted by wardialer
But I want to use the script what I posted above. Could I do that??? And which textfile program does Mandrake use?
yeah, you could use the one you posted (remember to add the shebang, though), but you don't really need most of the rules in it and there's some weird stuff in it also, like this, for example:

Code:
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
that rule is ridiculous in this case cuz the firewall is configured to DROP all the new input packets anyways, so checking new packets to see if they are syn packets is pointless as the packet is gonna get dropped anyway...

also, all those "LOG AND DROP IANA RESERVED/BOGONS" rules are kinda pointless also, as with the "rp_filter" option you get the spoof protection without having to use any rules like those...

this might sound conceited, but i strongly suggest you use the script i posted instead...

as for the text editor, i believe mandrake has several... kedit, gedit, etc... you can use whichever you please...


Last edited by win32sux; 02-11-2005 at 10:43 PM.
 
Old 02-11-2005, 10:44 PM   #17
wardialer
Member
 
Registered: Sep 2004
Distribution: SUSE Linux Pro 9.3
Posts: 375

Original Poster
Rep: Reputation: 30
I am still lost here on what to do with the text editor. How can I make it executable??? Please explain.

And could you please give me an example on how to implement the shebang thing???

This part is also confusing. I have a long way to go and I'm not even half way done here. Please explain this second part on the Shebang and how to make this thing executable?

Ok, I will use yours IF IT'S DOING STATEFUL PACKET INSPECTION. Basically I want something that will be similar in action to a Linksys router that does Stateful Packet Inspection.

And how could I tell if it's doing SPI??? Please give me an example from one of the lines.

But first please explain how to do this executable thing with Kwrite. I have to get this done.

Last edited by wardialer; 02-11-2005 at 10:52 PM.
 
Old 02-11-2005, 10:52 PM   #18
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379
just copy paste my example into the text editor and save it with whatever name you want... let's say you saved it as "example.txt"... so then to make it executable you just go to the command line, put yourself in the same directory as the "example.txt" file is in, and do a:

Code:
chmod 755 example.txt
of course before you do that make sure the file is owned by root:

Code:
chown root:root example.txt
the shebang is the first line in the script i posted... all shell scripts start with that line... i guess you didn't read the link i posted about the shebang on post #4...

here it is again:

http://wiki.linuxquestions.org/wiki/Shebang

if you need to read about the chmod and chown commands here's a link:

http://www.ahinc.com/linux101/permission.htm
 
Old 02-11-2005, 10:55 PM   #19
wardialer
Member
 
Registered: Sep 2004
Distribution: SUSE Linux Pro 9.3
Posts: 375

Original Poster
Rep: Reputation: 30
BEFORE I REALLY DO ANYTHING HERE I NEED TO KNOW WHETHER YOUR SCRIPT DOES STATEFUL PACKET INSPECTION SIMILAR TO THE ONE THAT A ROUTER USES LIKE LINKSYS. THAT'S ALL I WANT, NOTHING ELSE.

Ok, I will use yours IF IT'S DOING STATEFUL PACKET INSPECTION. Basically I want something that will be similar in action to a Linksys router that does Stateful Packet Inspection.

Are you sure your script is doing Stateful packet Inspection??? Please give me an example from your script if its doing SPI???

Quote:
put yourself in the same directory as the "example.txt" file is in, and do a:
How would I do that??? I'm still lost.

Last edited by wardialer; 02-11-2005 at 11:00 PM.
 
Old 02-11-2005, 10:59 PM   #20
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379
Quote:
Originally posted by wardialer
Ok, I will use yours IF IT'S DOING STATEFUL PACKET INSPECTION
i already addressed this on a previous post:
Quote:
Originally posted by win32sux
yes, it uses stateful packet filtering - any firewall that can recognize what NEW, ESTABLISHED, and RELATED packets are is using stateful packet filtering - it's a fundamental part of netfilter, which is what you are using...

Quote:
Originally posted by wardialer
And how could I tell if its doing SPI??? Please give me an example from one of the lines.
here you go:

Code:
$IPT -A INPUT -m state --state INVALID -j DROP
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
the first rule drops any packet with an invalid state... the second rule only allows incoming packets with ESTABLISHED,RELATED states...
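
For the question of how to tell whether a ruleset filters statefully, here is an added example that is not part of the original posts: a shell function that reads rules in the format `iptables -S` prints and checks the INPUT chain for the two rules quoted above, a DROP policy, and no unconditional ACCEPT. The sample ruleset and the name `audit_input_chain` are constructed for illustration, and treating a DROP policy as required is an assumption based on how the firewall in this thread is described.

```shell
#!/bin/sh
# Added example: audit `iptables -S` style text for stateful INPUT filtering.

# Constructed sample ruleset (not the script from this thread).
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Reads rules on stdin, prints findings, returns 0 only if every check passes.
audit_input_chain() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            # A rule with no match at all, e.g. "-A INPUT -j ACCEPT".
            if (NF == 4 && $3 == "-j" && $4 == "ACCEPT") blanket = 1
            state = ""; target = ""
            for (i = 3; i < NF; i++) {
                if (($i == "--state" || $i == "--ctstate") && $(i - 1) != "!")
                    state = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            n = split(state, s, ",")
            for (k = 1; k <= n; k++) {
                if (s[k] == "INVALID" && target == "DROP") invalid = 1
                if (s[k] == "ESTABLISHED" && target == "ACCEPT") est = 1
            }
        }
        END {
            if (policy != "DROP") { print "FAIL: INPUT policy is not DROP"; bad = 1 }
            if (!invalid) { print "FAIL: no rule drops INVALID packets"; bad = 1 }
            if (!est) { print "FAIL: no rule accepts ESTABLISHED packets"; bad = 1 }
            if (blanket) { print "FAIL: unconditional ACCEPT rule"; bad = 1 }
            if (!bad) print "OK: INPUT chain filters statefully"
            exit bad + 0
        }'
}

printf '%s\n' "$SAMPLE_RULES" | audit_input_chain
```

On a live system the same function can be fed the loaded rules as root with `iptables -S | audit_input_chain`.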
 
Old 02-11-2005, 11:02 PM   #21
wardialer
Member
 
Registered: Sep 2004
Distribution: SUSE Linux Pro 9.3
Posts: 375

Original Poster
Rep: Reputation: 30
Quote:
put yourself in the same directory as the "example.txt" file is in, and do a:
Ok, I am still lost by this one quote you made. Show me an example of this quote please. I have not done anything yet so far. Please give me examples of commands that I have to use on this part. And in the Chmod thing. I thought this was going to be easy, but it's very hard. And where is the command line? Please tell me what I have to enter there.

I just want something that will act similar to a Linksys router using Stateful Packet Inspection.

Ok, I Pasted your script into Kedit and I saved it as iptables.txt.

Now what do I have to do from here?


Last edited by wardialer; 02-11-2005 at 11:11 PM.
 
Old 02-11-2005, 11:10 PM   #22
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379
if you are user "wardialer" with home folder "/home/wardialer" and you saved file "example.txt" in a directory called "fire_scripts" in your home folder, then to place yourself in that folder you'd do a:

Code:
cd /home/wardialer/fire_scripts
the "cd" command means "change directory"...

but usually when you open a terminal you get automatically placed in your home folder right away, so you'd just need to:

Code:
cd fire_scripts
as for the chmod and chown examples, i have already given them to you... i even gave you a link to an intro about the commands...

Code:
chmod +x example.txt


Quote:
Mandrake Linux 9.1/W2K, HP-UX 11i 11, Tru64 UNIX 5.1b
why is it that i'm explaining the "cd" command to someone with all of this on their profile???


Last edited by win32sux; 02-11-2005 at 11:14 PM.
 
Old 02-11-2005, 11:13 PM   #23
wardialer
Member
 
Registered: Sep 2004
Distribution: SUSE Linux Pro 9.3
Posts: 375

Original Poster
Rep: Reputation: 30
I pasted the script. What should I save it as??? Should I save it as firewall.txt???

Then after that, how can I make it executable?
I am really lost now. You are giving me all kinds of different commands.

Let's make this easier: Can you list the commands in order from let's say 1 to 10??? I think it will be much easier for me.

And what should I save the text as?? First you tell me example.txt then fire_scripts.

Last edited by wardialer; 02-11-2005 at 11:17 PM.
 
Old 02-11-2005, 11:16 PM   #24
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379
Quote:
Originally posted by wardialer
I pasted the script. What should I save it as??? Should I save it as firewall.txt???
it doesn't matter... the name isn't important...

Quote:
Then after that, how can I make it executable?
Code:
chmod +x example.txt
and you can execute it with:

Code:
./example.txt

Last edited by win32sux; 02-11-2005 at 11:17 PM.
 
Old 02-11-2005, 11:19 PM   #25
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379
Quote:
Originally posted by wardialer
First you tell me example.txt then fire_scripts.
i gave you an EXAMPLE in which you placed the file in a DIRECTORY named fire_scripts...
 
Old 02-11-2005, 11:20 PM   #26
wardialer
Member
 
Registered: Sep 2004
Distribution: SUSE Linux Pro 9.3
Posts: 375

Original Poster
Rep: Reputation: 30
What??????

I did a Save as, but I was in my Home directory. Which location in the Home directory do I have to save it as??? It has the Location slot, so what should I put in the location slot. Should I save in the /Home/Myusername directory??? I tried doing that but it will not accept it.

This is very complicated.

You're giving me different commands: I thought you said to do a Chmod 755 and then now it's Chmod x

Last edited by wardialer; 02-11-2005 at 11:25 PM.
 
Old 02-11-2005, 11:29 PM   #27
wardialer
Member
 
Registered: Sep 2004
Distribution: SUSE Linux Pro 9.3
Posts: 375

Original Poster
Rep: Reputation: 30
I saved it as: /home/myusername/documents/firewall.txt

Is this good??? Now what do I have to do next???
 
Old 02-11-2005, 11:30 PM   #28
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379
Quote:
Originally posted by wardialer
I did a Save as, but I was in my Home directory. Which location in the Home directory do I have to save it as??? It has the Location slot, so what should I put in the location slot.
once again, IT DOESN'T MATTER... you can put it anywhere you want... that's what i used EXAMPLES for... in my example i used a FICTIONAL directory named "fire_scripts" and a FICTIONAL file name "example.txt"... earlier i did the same thing with another fictional file named "firewall.txt"... you can name your file whatever you want and you can put it anywhere you want...

when i say:

Code:
chmod +x example.txt
that means that the "chmod +x" is to be done on whatever file you saved it as... it doesn't mean the file is actually called "example.txt"...

it's not complicated... the "+x" simply means "add executable permissions"...

Quote:
You're giving me different commands: I thought you said to do a Chmod 755 and then now it's Chmod x
you can do it either way, +x or 755 will both make it executable... there isn't only one way of doing it... just pick one...
 
Old 02-11-2005, 11:32 PM   #29
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379
Quote:
Originally posted by wardialer
I saved it as: /home/myusername/documents/firewall.txt

Is this good??? Now what do I have to do next???
now you make it executable:

Code:
chmod +x /home/myusername/documents/firewall.txt
then you execute it (as root):

Code:
cd /home/myusername/documents

./firewall.txt
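
The steps from this thread (shebang on the first line, `chown root:root`, `chmod 755` or `chmod +x`) can be checked before the script is run as root. The following is an added example, not part of the original posts; the function name `preflight_script` and the optional owner-uid argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks to make before running a firewall script as root.
# Usage: preflight_script FILE [OWNER_UID]   (OWNER_UID defaults to 0, root)
preflight_script() {
    f=$1; want_uid=${2:-0}; rc=0
    [ -f "$f" ] || { echo "FAIL: $f is not a regular file"; return 2; }

    # The first line must be a shebang so the kernel knows the interpreter.
    first=
    IFS= read -r first < "$f" || true
    case $first in
        '#!'*) ;;
        *) echo "FAIL: first line is not a shebang"; rc=1 ;;
    esac

    # Owner must match (chown root:root in the thread).
    [ -n "$(find "$f" -prune -user "$want_uid")" ] ||
        { echo "FAIL: not owned by uid $want_uid"; rc=1; }

    # No group or world write bit: mode 755 passes, 775 or 777 does not.
    [ -z "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ] ||
        { echo "FAIL: writable by group or others"; rc=1; }

    # Owner execute bit, which chmod +x or chmod 755 sets.
    [ -n "$(find "$f" -prune -perm -100)" ] ||
        { echo "FAIL: owner execute bit not set"; rc=1; }

    if [ "$rc" -eq 0 ]; then echo "OK: $f"; fi
    return "$rc"
}

# Run the checks when a path is given on the command line.
if [ "$#" -gt 0 ]; then preflight_script "$@"; fi
```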
 
Old 02-11-2005, 11:34 PM   #30
wardialer
Member
 
Registered: Sep 2004
Distribution: SUSE Linux Pro 9.3
Posts: 375

Original Poster
Rep: Reputation: 30
Ok I got it.

So after I save the text in /home/myusername/documents/ then I have to go into the Konsole and first do a 'su' and then

chmod +x iptables.txt

Please tell me if this is right and then after that I will reboot and then do a iptables -L
 
  

