Security Basics mailing list archives
RE: Basic rules for IPTABLES protection
From: "Michael Sconzo" <msconzo () tamu edu>
Date: Mon, 25 Nov 2002 16:38:49 -0600
You should block ALL private IP ranges, both ingress and egress from your firewall. This also entails 192.168.0.0/16 and 172.16.0.0/12 including the 10.0.0.0/8.

Other good things to block:
Internal IPs on the external interface
127.0.0.0/8 (loopback) on internal or external interfaces
You could also filter ICMP inbound and outbound

Also, make sure to only allow the necessary inbound/outbound ports. A good rule of thumb is that which is not explicitly allowed should be denied.

This is by no means a comprehensive list of things to filter but it's a good starting set.

-Mike

-----Original Message-----
From: Erick Arturo Perez Huemer [mailto:eperez () compuservice net]
Sent: Saturday, November 23, 2002 12:28 AM
To: security-basics () securityfocus com
Subject: Basic rules for IPTABLES protection

I am about to install a RedHat 8.0 box with iptables to act as our firewall for our internal network that consists of 20 machines.

Besides doing a -j drop on our external interface when it receives a packet with source equal to our internal network, what other measures do we have to take? We do host an SMTP server but nothing else.

I have read about blocking 10.x.x.x addresses but also read that "some" routers/sites use those addresses.

Any anti-DoS rules? More settings? Or maybe a link to a site that offers suggestions for proper firewall configurations....

Thanks in advance,
Erick.
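The checklist in the reply above, written out as a ruleset generator. This is an added example, not part of either message; the interface names, internal network, outbound port list and the placement of the SMTP server on the firewall host are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset, changes nothing itself.
# Interface names, INT_NET and OUT_TCP are assumed values, not from the thread.
EXT_IF="${EXT_IF:-eth0}"              # assumed external interface
INT_IF="${INT_IF:-eth1}"              # assumed internal interface
INT_NET="${INT_NET:-192.168.1.0/24}"  # assumed internal network
OUT_TCP="${OUT_TCP:-53 80 443}"       # assumed "necessary" outbound TCP ports
PRIVATE="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

gen_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Loopback addresses are only legitimate on lo itself.
    echo "-A INPUT -i lo -j ACCEPT"
    for chain in INPUT FORWARD; do
        echo "-A $chain ! -i lo -s 127.0.0.0/8 -j DROP"
        # Ingress: private or internal source addresses arriving from outside.
        for net in $PRIVATE $INT_NET; do
            echo "-A $chain -i $EXT_IF -s $net -j DROP"
        done
    done
    # Egress: nothing addressed to private space leaves via the external side.
    for chain in FORWARD OUTPUT; do
        for net in $PRIVATE; do
            echo "-A $chain -o $EXT_IF -d $net -j DROP"
        done
    done
    # Egress: internal hosts may only send with an internal source address.
    echo "-A FORWARD -i $INT_IF ! -s $INT_NET -j DROP"
    # Replies, plus ICMP errors tied to known connections; all other ICMP
    # falls through to the DROP policy.
    for chain in INPUT FORWARD; do
        echo "-A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
    done
    # Inbound: only SMTP (assumed to run on the firewall host itself).
    echo "-A INPUT -i $EXT_IF -p tcp --dport 25 -m state --state NEW -j ACCEPT"
    # Outbound from the LAN: only the listed TCP ports, plus DNS over UDP.
    for port in $OUT_TCP; do
        echo "-A FORWARD -i $INT_IF -o $EXT_IF -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "-A FORWARD -i $INT_IF -o $EXT_IF -p udp --dport 53 -j ACCEPT"
    echo "COMMIT"
}

# Print the ruleset; pipe it to "iptables-restore --test" to check it first.
gen_rules
```

If the external interface itself sits on a private network, for example behind an upstream NAT router, that range has to come out of PRIVATE or the firewall will drop its own upstream traffic. NAT for the internal network lives in the nat table and is not covered here.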