Security Basics mailing list archives

Re: Basic rules for IPTABLES protection

From: Patrick Benson <benson () chello se>
Date: Mon, 25 Nov 2002 22:35:45 +0100

Erick Arturo Perez Huemer wrote:


I am about to install a RedHat 8.0 box with iptables to act as our
firewall for our internal network that consists of 20 machines.

Besides doing a -j drop on our external interface when receives a packet
with source equal to our internal network, what other measures we have
to take?

We do host an SMTP server but nothing else. I have read about blocking
10.x.x.x addresses but also read that "some" routers/sites use those
addresses. Any anti-DoS rules? More settings?

Or maybe a link to a site that offers suggestion for proper firewall
configurations....

Thanks in advance,

Erick.


Why not take a look at Tom Eastep's Shorewall: 
http://www.shorewall.net/

Excellent documentation available, along with the author's reliable
support on the mailing lists which cover anything having to do with
configuring an iptables/firewall box like yours.

Best regards,
-- 
Patrick Benson
Stockholm, Sweden

Current thread:

Reasons for using an external firewall John P (Nov 20)
- Re: Reasons for using an external firewall Paul Cardon (Nov 21)
- Re: Reasons for using an external firewall Steve Bremer (Nov 21)
  - Basic rules for IPTABLES protection Erick Arturo Perez Huemer (Nov 25)
    - RE: Basic rules for IPTABLES protection Michael Sconzo (Nov 26)
    - Re: Basic rules for IPTABLES protection Patrick Benson (Nov 26)
    - RE: Basic rules for IPTABLES protection BurntCircuit (Nov 26)
    - Need Help Building Linux Based Firewall Khuzairi Yahaya (Nov 27)
    - Re: Need Help Building Linux Based Firewall Johannes Ullrich (Nov 28)
    - Re: Need Help Building Linux Based Firewall Jason Dixon (Nov 28)
    - Re: Need Help Building Linux Based Firewall phani (Nov 28)
    - Re: Need Help Building Linux Based Firewall Devdas Bhagat (Nov 29)