Security Basics mailing list archives
Re: Iptables Clues and Advices.
From: Christian Friedl <xian () mediaclan at>
Date: Fri, 04 Apr 2003 14:06:17 +0200 (METDST)
Nahual Guerrero <nahual () axis org> writes on Wed, 02 Apr 2003 22:55:55 +0200 (METDST):
my $iptfh = 'iptables -F';
my $iptin = 'iptables -A INPUT -j DROP -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
my $iptil = 'iptables -A INPUT -j LOG -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
my $iptol = 'iptables -A OUTPUT -j LOG';
my $iptfl = 'iptables -A FORWARD -j LOG';
system ("clear");
print "Tirando de la Cadena....\n";
Hm... well first off, it's always better to change the default rule of the table to REJECT and only after that allow the ports you actually use. I know... it's a lot of work, but far more secure, and you learn an awful lot (like not to forget to allow nameserver connects ;-), or if you're doing it remotely, how to charm a malevolent sysadmin into resetting those darn rulesets *g*)

Second... -j LOG on everything must produce incredibly large logfiles!?

And thirdly, what does "Tirando de la Cadena" mean? :-)

c
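The default-deny layout and the logging concern discussed in this reply, as an added example that is not code from either poster: a shell function that prints a filter table in iptables-restore format, with only the last-resort denials logged and that log rate-limited. Built-in chain policies accept only ACCEPT or DROP, so the sketch sets the policy to DROP and ends the chain with explicit REJECT rules. The function name `gen_ruleset`, the sample ports 22 and 80, the limit values and the log prefix are assumptions.

```shell
#!/bin/sh
# Added example: emit a default-deny filter table in iptables-restore format.
# Nothing here touches the live firewall; review the output first, then
# load it as root with:  gen_ruleset 22 80 | iptables-restore

# gen_ruleset PORT...  TCP ports to accept inbound (constructed sample: 22 80)
gen_ruleset() {
    for port in "$@"; do
        # Refuse empty, non-numeric, zero-led or overlong values before printing
        case "$port" in
            ''|*[!0-9]*|0*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    echo '*filter'
    # Policy is the fallback for packets that match no rule at all
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback, plus replies to connections this host opened
    # (this is what lets nameserver answers back in)
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Only the ports actually in use are opened
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Log only what falls through, rate-limited so the logfile stays small
    echo '-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "INPUT-denied: "'
    echo '-A INPUT -p tcp -j REJECT --reject-with tcp-reset'
    echo '-A INPUT -j REJECT --reject-with icmp-port-unreachable'
    echo 'COMMIT'
}
```

When applying this to a remote machine, `iptables-restore --test` parses the output without committing it.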