Computer Security - Re: Linux IP Tables and good AV software.

 
Old 08-15-2003, 09:02 AM   #1
Re: Linux IP Tables and good AV software.


Bloke wrote:
> I wanted to know what kind of IP table files the Linux users of this
> group regularly use. Do you have customised rules, or do you just
> allow the system to flush them on reboot and recreate the default
> settings ?


I stated during installation that I did not want a firewall (although I did
install it) leaving me with a blank page as a start.
I did this because if I am running a form of security, I wish to know how it
works, and not just be happy with it if it happens to work.
In general I have everything set to DROP and then augmented the rules for
traffic I do wish to allow (imho the way to go about it).

These are the rules I have in place atm:

# eth1 = LAN side: LAN hosts may talk to this box, and it may answer them.
iptables -A INPUT -i eth1 -s $LAN -d 0/0 -j ACCEPT
iptables -A OUTPUT -o eth1 -d 0/0 -s $LAN -j ACCEPT
# eth0 = internet side: LAN-sourced traffic may open new connections outward;
# only replies to tracked connections are accepted back in.
iptables -A OUTPUT -o eth0 -s $LAN -d 0/0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -s 0/0 -d $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
# Web server $HTTPD on eth2: new port-80 connections accepted in on eth0 and
# out on eth2; the server's replies (source port 80) accepted the other way.
iptables -A INPUT -i eth0 -p tcp --dport 80 -s 0/0 -d $HTTPD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth2 -p tcp --dport 80 -s 0/0 -d $HTTPD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth2 -p tcp --sport 80 -s $HTTPD -d 0/0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -s $HTTPD -d 0/0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Port-forward: rewrite packets for the public address $EXTERNAL:80 to the
# web server before the routing decision is made.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -d $EXTERNAL -j DNAT --to $HTTPD:80

Where the state module takes care of all traffic from my LAN to the
internet, and all the related traffic which comes back in.

A good explanation on iptables can be found here:
http://www.siliconvalleyccie.com/lin...bles-intro.htm

> I'm starting to investigate the IP tables, and because I'm a Linux
> noob, they are not making for easy reading at the moment, so I'm kind
> of looking for a 'reference' point, or a recommended set of rules to
> add to the IP tables in the future. Or would it be a case of , 'if it
> ain't broke, don't fix it' ?


Well, a working system is nice, but I believe that you need to have
knowledge about how it works. This makes it easier to fix problems which you
might run into, and to augment the firewall to your needs. After that it
comes in handy when you want to help people building a setup like yours.
Working is nice, but if you read the link above you'll soon have a pretty
decent knowledge on iptables.

--
"Wisdom lies not in obtaining knowledge, but in using it in the right way"
- kroesjnov

http://www.securitydatabase.net
http://www.mostly-harmless.nl
http://www.outerbrains.nl
email: rnet (remove inter to reply)
UIN: 85685870
MSN:




kroesjnov
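The approach described in the post (default DROP, then allow LAN-outbound and web-server traffic with the state module), as an added worked example that is not the poster's own script: it emits the whole ruleset in iptables-restore(8) format so it can be reviewed as a file and then loaded atomically. Packets the gateway routes between its interfaces traverse the FORWARD chain rather than INPUT and OUTPUT, so the LAN-to-internet flows and the DNAT'd web traffic are allowed there, matched on the post-DNAT address. The interface roles (eth0 internet, eth1 LAN, eth2 DMZ with the web server), the MASQUERADE rule for a private LAN, and the default addresses are assumptions; the variable names LAN, HTTPD and EXTERNAL follow the post.

```shell
#!/bin/sh
# Added example, not the poster's own rules: generate a default-DROP ruleset
# in iptables-restore(8) format for a gateway with eth0 = internet,
# eth1 = LAN and eth2 = DMZ holding the web server (assumed layout).
# The default addresses are constructed placeholders (RFC 1918 / RFC 5737)
# and must be replaced with the real ones.

gen_ruleset() {
    LAN=${1:-192.168.1.0/24}      # LAN network behind eth1
    HTTPD=${2:-192.168.2.10}      # web server in the DMZ behind eth2
    EXTERNAL=${3:-203.0.113.5}    # gateway's public address on eth0

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port-forward inbound web traffic to the DMZ host before routing.
-A PREROUTING -i eth0 -p tcp -d $EXTERNAL --dport 80 -j DNAT --to-destination $HTTPD:80
# Assumption: the LAN uses private addresses, so hide it behind eth0.
-A POSTROUTING -o eth0 -s $LAN -j MASQUERADE
COMMIT
*filter
# Default DROP in every chain; each rule below opens exactly one hole.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections conntrack already knows about, in every chain.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# The gateway itself may be reached from the LAN only.
-A INPUT -i eth1 -s $LAN -m state --state NEW -j ACCEPT
# The gateway's own outbound connections (DNS, package updates).
-A OUTPUT -o eth0 -m state --state NEW -j ACCEPT
# Routed traffic traverses FORWARD: LAN out to the internet ...
-A FORWARD -i eth1 -o eth0 -s $LAN -m state --state NEW -j ACCEPT
# ... and DNAT'd web traffic into the DMZ, matched on the rewritten address.
-A FORWARD -i eth0 -o eth2 -p tcp -d $HTTPD --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Apply after review: enable routing, then load all tables in one transaction
# so the box is never left with a half-built ruleset.
apply_ruleset() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    gen_ruleset "$@" | iptables-restore
}

# Run stand-alone: print the ruleset for review (optionally: LAN HTTPD EXTERNAL).
gen_ruleset "$@"
```

Save the printed ruleset, read it once more with the "default DROP" lens (every ACCEPT should be justified by a line in the post above), and only then call apply_ruleset; iptables-save afterwards shows exactly what the kernel loaded.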
Old 08-15-2003, 03:38 PM   #2
kroesjnov
Re: Linux IP Tables and good AV software.

Bloke wrote:
> Many thanks for your input, and for the link regarding IP tables. I'm
> checking it out now.


np@all

> Your list of tables was just what I wanted, so I'll have my work cut
> out understanding them now, but the link should help.


Typing 'iptables --help' will show you what the switches stand for, and the
link did a pretty good job educating me on iptables, so I hope you find it
useful as well.


