[TriLUG] httpd probe issues
Alan Porter
porter at trilug.org
Tue Aug 12 10:07:09 EDT 2008
If you're interested in filtering using iptables, I would highly
recommend shorewall.
Shorewall is just a pretty front end to iptables. It runs once, when
the system is booted, and from then on, its job is done. The heavy
lifting is done by the iptables rules.
Like Joe mentioned, good iptables rules are divided into "policy" (drop
everything) and "rules" (unless it comes from my house, unless it's
going to port 80, etc). Shorewall has a couple of config files named
"policy" and "rules".
My examples are below. Notice that shorewall has a lot of fancy options
like limiting the rate of traffic on certain ports. All of this is
optional. But these guys have done a lot of good work to make a tool
that is easy to configure.
Alan
### POLICY ###
# Accept traffic from my local (in-cube) network to this firewall.
loc fw ACCEPT
# forward local-to-net traffic
loc net ACCEPT
# allow internal traffic
loc loc ACCEPT
# allow outgoing traffic
fw loc ACCEPT
fw net ACCEPT
# do not allow incoming traffic (unless a specific rule applies)
net fw DROP info
net all DROP info
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
### RULES ###
# ACTION SOURCE DEST PROTO DEST SOURCE  ORIGINAL RATE  USER/
#                          PORT PORT(S) DEST     LIMIT GROUP
ACCEPT net fw tcp 22 # SSH
ACCEPT net fw tcp 80 # HTTP
ACCEPT net fw tcp 903 # VMWARE
ACCEPT net fw tcp 5900 # VNC
ACCEPT net fw udp 123 # NTP
# pings are OK
ACCEPT all fw icmp 8 # ping
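To see what this split between "policy" and "rules" actually permits, here is an added example (not Alan's code and not shorewall itself) that models the subset shorewall semantics used in the post: a packet is matched against the rules first, and only if none applies does the first matching policy decide. The two file contents are constructed copies of the post's examples; zone names, protocols and ports beyond those are assumptions for the checks.

```python
# Simplified evaluator for shorewall-style "policy" and "rules" files.
# Models only what the post uses: zones, ACCEPT/DROP/REJECT, proto, dest port.

# Constructed copies of the post's two files (comments and blank lines allowed).
POLICY = """
loc fw ACCEPT
loc net ACCEPT
loc loc ACCEPT
fw loc ACCEPT
fw net ACCEPT
net fw DROP info
net all DROP info
all all REJECT info
"""

RULES = """
ACCEPT net fw tcp 22   # SSH
ACCEPT net fw tcp 80   # HTTP
ACCEPT net fw tcp 903  # VMWARE
ACCEPT net fw tcp 5900 # VNC
ACCEPT net fw udp 123  # NTP
ACCEPT all fw icmp 8   # ping
"""

def parse(text):
    """Split a config into rows of whitespace-separated fields, dropping comments."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def zone_match(pattern, zone):
    return pattern == "all" or pattern == zone

def evaluate(src, dst, proto, port, policy=POLICY, rules=RULES):
    """Return (action, log_level): rules first, then the first matching policy."""
    for action, rsrc, rdst, rproto, rport, *_ in parse(rules):
        if (zone_match(rsrc, src) and zone_match(rdst, dst)
                and rproto == proto and rport == str(port)):
            return action, None  # the post's rules carry no log level
    for psrc, pdst, action, *rest in parse(policy):
        if zone_match(psrc, src) and zone_match(pdst, dst):
            return action, (rest[0] if rest else None)
    return "REJECT", None  # not reached while the file ends with "all all REJECT"
```

Running evaluate("net", "fw", "tcp", 443) shows an unlisted service from the net is dropped and logged at "info", which is the log line you would look for when auditing probes against the host.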