Re: comments about lokkit default script

Basically to understand the script a bit better you should look at how
the rules look in the table.

iptables -nxvL

should give you some output. If the default policies are to ACCEPT
things then what is happening is that you are accepting ALL outbound
traffic and very little inbound traffic. The newest
redhat-config-firewall in their rawhide has some changes to this, but I
have been doing custom firewalls for too long now to remember what they
are (I think they put an ESTABLISHED,RELATED rule in now.)

Are you forwarding traffic through your firewall or just using it as a
client? If you are using it as a client it is pretty ok and secure. If
you are using it as a forwarder you will probably want to make some
changes for interfaces to be semi-trusted.

On Fri, 2003-09-12 at 00:11, Faheem Mitha wrote:
> Dear People,
> 
> I'm pretty new to packet filtering etc. I ran lokkit's simple
> configuration utility, and it seems to work Ok with my computer. I don't
> think I need an elaborate setup. I'm running my machine on Earthlink's
> cable broadband (pretty basic setup) using DHCP, and am currently
> disallowing all connections from outside, though I might open up an
> ssh port at some point. The script is run as
> 
> /sbin/iptables -I INPUT -j RH-Lokkit-0-50-INPUT && /sbin/iptables -I
>   FORWARD -j RH-Lokkit-0-50-INPUT
> 
> in /etc/rc*, where the chain is defined (in /etc/default/lokkit) by
> 
> #!/bin/sh
> PATH=/sbin:$PATH
> iptables -N RH-Lokkit-0-50-INPUT
> iptables -F RH-Lokkit-0-50-INPUT
> iptables -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
> iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.185
> --sport 53 -d 0/0 -j ACCEPT
> iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.186
> --sport 53 -d 0/0 -j ACCEPT
> iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.187
> --sport 53 -d 0/0 -j ACCEPT
> iptables -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
> iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
> 
> At the moment, I'm just trying to understand what this chain does.
> 
> From reading documentation, I see that the line
> 
>   /sbin/iptables -I INPUT -j RH-Lokkit-0-50-INPUT && /sbin/iptables -I
>   FORWARD -j RH-Lokkit-0-50-INPUT
> 
> basically disallows new connections, but I got the impression that
> this is not considered the best way to do this, as it is still
> possible to make connections by using "malformed packets". Is this
> still a good first approximation?
> 
> I can't get any information about ports using nmap, presumably because
> it uses orthodox connection methods. Ping is still working, presumably
> because I have not disallowed ICMP packets.
> 
> Are the lines
> 
> iptables -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 207.69.188.18*
> --sport 53 -d 0/0 -j ACCEPT
> 
> allowing through the DHCP connection? The 207.69.188.18* are
> Earthlink servers, they look like nameservers.
> 
> Thanks in advance for any reply.
>                                                     Faheem.
-- 
Stephen John Smoogen		smoogen@xxxxxxxx
Los Alamos National Labrador  CCN-5 Sched 5/40  PH: 4-0645 (note new #)
Ta-03 SM-1498 MailStop B255 DP 10S  Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --
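To make the chain's behaviour concrete, here is an added simulation (editor's example, not code from the thread or from lokkit). It walks a few constructed packets through the posted RH-Lokkit-0-50-INPUT rules, assuming an INPUT policy of ACCEPT as the reply describes, and puts a stateful variant built around the ESTABLISHED,RELATED rule the reply mentions beside it. The stateful rule set and the sample addresses 198.51.100.7 and ports are assumptions for illustration; the three 207.69.188.18x nameservers are the ones from the script.

```python
# Added example (not from the thread): a small simulator of the
# RH-Lokkit-0-50-INPUT chain posted above, beside a stateful variant
# built around the ESTABLISHED,RELATED rule the reply mentions.
from dataclasses import dataclass, field

# The three Earthlink nameservers whitelisted by the posted lokkit script.
EARTHLINK_DNS = {"207.69.188.185", "207.69.188.186", "207.69.188.187"}


@dataclass
class Packet:
    """The handful of header fields the two chains look at (constructed input)."""
    iface: str                      # incoming interface, e.g. "lo" or "eth0"
    proto: str                      # "tcp", "udp" or "icmp"
    src: str                        # source address
    sport: int = 0                  # source port (TCP/UDP)
    dport: int = 0                  # destination port (TCP/UDP)
    flags: frozenset = field(default_factory=frozenset)  # TCP flags, e.g. {"SYN"}
    established: bool = False       # assumption: conntrack ties it to an outbound flow


def is_syn(p: Packet) -> bool:
    """iptables --syn: SYN set, and ACK, RST, FIN all clear."""
    return "SYN" in p.flags and not (p.flags & {"ACK", "RST", "FIN"})


def lokkit_chain(p: Packet):
    """Verdict of RH-Lokkit-0-50-INPUT as posted, or None when the packet
    reaches the end of the chain and returns to INPUT."""
    if p.iface == "lo":                                  # -i lo -j ACCEPT
        return "ACCEPT"
    if p.proto == "udp" and p.src in EARTHLINK_DNS and p.sport == 53:
        return "ACCEPT"                                  # -s <ns> --sport 53 -j ACCEPT
    if p.proto == "tcp" and is_syn(p):                   # -p tcp --syn -j REJECT
        return "REJECT"
    if p.proto == "udp":                                 # -p udp -j REJECT
        return "REJECT"
    return None                                          # anything else falls through


def stateful_chain(p: Packet):
    """Editor's suggested stateful replacement (an assumption, not lokkit output):
         -i lo -j ACCEPT
         -m state --state ESTABLISHED,RELATED -j ACCEPT
         -p tcp -j REJECT
         -p udp -j REJECT
    DNS replies to our own queries are ESTABLISHED, so no per-server rules."""
    if p.iface == "lo":
        return "ACCEPT"
    if p.established:
        return "ACCEPT"
    if p.proto in ("tcp", "udp"):      # no --syn here: a bare ACK is rejected too
        return "REJECT"
    return None


def input_verdict(chain, p: Packet, policy: str = "ACCEPT") -> str:
    """The chain is inserted first in INPUT (-I INPUT -j ...); a fall-through
    ends at the INPUT policy, which the reply says is ACCEPT by default."""
    verdict = chain(p)
    return policy if verdict is None else verdict


# Constructed sample traffic (not captured from anyone's network).
SAMPLES = {
    "dns reply to our query": Packet("eth0", "udp", "207.69.188.185", 53, 32768, established=True),
    "forged udp from ns addr": Packet("eth0", "udp", "207.69.188.185", 53, 111),
    "tcp syn to ssh": Packet("eth0", "tcp", "198.51.100.7", 40000, 22, frozenset({"SYN"})),
    "tcp ack-only to ssh": Packet("eth0", "tcp", "198.51.100.7", 40000, 22, frozenset({"ACK"})),
    "icmp echo request": Packet("eth0", "icmp", "198.51.100.7"),
    "loopback": Packet("lo", "tcp", "127.0.0.1", 5555, 80, frozenset({"SYN"})),
}


def compare(samples=SAMPLES) -> dict:
    """Map each sample name to (lokkit verdict, stateful verdict)."""
    return {name: (input_verdict(lokkit_chain, p), input_verdict(stateful_chain, p))
            for name, p in samples.items()}


if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:26} lokkit={old:7} stateful={new}")
```

Two rows are worth looking at. A UDP packet that merely claims to come from a nameserver with source port 53 is accepted by the posted chain because it matches on address and port alone, whereas the stateful chain only accepts it if conntrack saw our query go out. And a TCP segment with ACK set but no SYN is not matched by `--syn`, so under the posted chain it falls through to the ACCEPT policy; that is the kind of non-SYN probe the question about "malformed packets" is getting at, and the ESTABLISHED,RELATED variant rejects it. ICMP is untouched by both chains, which is why ping still answers.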