[H-GEN] An iptables question ...

Ewan Edwards Ewan.Edwards at mincom.com
Thu Sep 19 03:13:53 EDT 2002


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Thursday 19 September 2002 16:12, you wrote:

> >
> > The best idea would be to properly firewall the box, so only
> > the services that you wish to provide are open to who you
> > want to provide them to.
>
> You took the words right out of my mouth Brad.

I have used the setup utility that is a part of the Redhat 7.3 distribution 
to set the Firewall configuration Security Level to "High".  What that 
actually means, I really don't know - but it looked good at the time.  

Also, I suspect the "Firewall configuration" thing is broken, but I have no 
way of knowing if that's right or wrong.  I also haven't spent the time to 
read the doco about it.

>
> > Assuming you've gotten the appropriate things compiled into
> > your kernel, the following command should do something like
> > what you want.  I'll leave it to the reader to decide where
>
> The reader may wish to put the firewall up before the web server comes up
> or a window of opportunity is opened for an attack.

As I said, the thing is inside the company firewall and is not otherwise 
available from outside.  I'm thinking of putting a firewall between the 
router and the whole Brisbane office network at a later date anyway.  But 
that's for a whole raft of other reasons.

>
> If no one has made any suggestions Ewan, I'm happy to give some pointers
> later (a bit tied down at work right now).  If I don't post something in a
> few hours nudge me :)

Anything would be appreciated, but don't rush.  I won't see it until tomorrow 
at the earliest.  I am assuming that the command Brad wrote will do what's 
needed in the short term, but as Brad says I need to decide where to put it 
so it runs on boot.  That's where my problems start.  

All the doco I've read about iptables seems to concentrate on constructing 
rules and how the rules relate to each other.  What it hasn't told me yet, is 
how I can implement these rules.  Do I use these rules with some utility that 
constructs a script that's run at boot time?  Do these rules get put into a 
config file somewhere that the kernel refers to at boot time?  Is there some 
other daemon that needs to find these rules somewhere?  

I just don't know how or where the kernel or "iptables utility" becomes aware 
of the rules.  I don't even know if iptables is a separate program, or a 
daemon, or a part of the kernel.
  
Regards,
Ewan

-- 
Ewan Edwards BE MIEAust CPEng MCSE
Systems Administrator
MineStar Solutions
Ewan.Edwards at mincom.com
Telephone: +61 (0) 7 3303 3554
Facsimile: +61 (0) 7 3303 3470
___________________________________________________________________

Growing old may be mandatory, but growing up is still optional.
___________________________________________________________________

