Security Basics mailing list archives
Re: Iptables Clues and Advices.
From: Pierre BETOUIN <info16 () ifrance com>
Date: 04 Apr 2003 21:32:33 +0200
On Fri 04/04/2003 at 14:06, Christian Friedl wrote:
> Nahual Guerrero <nahual () axis org> writes on Wed, 02 Apr 2003 22:55:55 +0200 (METDST):
>
> > my $iptfh = 'iptables -F';
> > my $iptin = 'iptables -A INPUT -j DROP -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
> > my $iptil = 'iptables -A INPUT -j LOG -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
> > my $iptol = 'iptables -A OUTPUT -j LOG';
> > my $iptfl = 'iptables -A FORWARD -j LOG';
> > system ("clear");
> > print "Tirando de la Cadena....\n";
>
> Hm... well first off, it's always better to change the default rule of the table to REJECT

DROP would be better there because you don't need to prevent attackers that this port is filtered.

> and only after that allow the ports you actually use. I know... it's a lot of work, but far more secure, and you learn an awful lot (like not to forget to allow nameserver connects ;-), or if you're doing it remotely, how to charm a malevolent sysadmin into resetting those darn rulesets *g*)
>
> Second... -j LOG on everything must produce incredibly large logfiles!?
>
> And thirdly, what does "Tirando de la Cadena" mean? :-)
>
> c
-- Pierre BETOUIN <info16 () ifrance com>
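
The default-deny approach discussed in this thread, as an added example that is not code from any of the posters: the function prints a ruleset in iptables-restore format with DROP policies, accepts only the listed TCP ports plus outbound DNS, and rate-limits the LOG rule. The name `build_ruleset`, the port list and the 5/min limit are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print a default-deny ruleset in iptables-restore format.
# build_ruleset, the port list and the log limit are illustrative assumptions.

build_ruleset() {
    # $1: space-separated TCP ports to accept inbound, e.g. "22 80"
    tcp_ports=$1

    # Validate every port before printing anything, so a typo never
    # yields a partial ruleset.
    for port in $tcp_ports; do
        case $port in
            *[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "bad port: $port" >&2; return 1; }
    done

    # Default policy first: anything not matched below is dropped.
    # Then loopback, replies to allowed connections, and outbound DNS
    # (the rule that is easy to forget once OUTPUT is DROP).
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A OUTPUT -o lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT' \
        '-A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT'

    # Only the services actually in use.
    for port in $tcp_ports; do
        printf '%s\n' \
            "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done

    # One LOG rule for traffic about to hit the DROP policy, rate-limited
    # so the log stays small instead of recording every packet.
    printf '%s\n' \
        '-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "INPUT-DROP: "' \
        'COMMIT'
}

# Review the output first, then load it in one step as root:
#   build_ruleset "22 80" | iptables-restore
```

Because iptables-restore applies the whole table at COMMIT, the SSH and ESTABLISHED rules take effect together with the DROP policy, which avoids the remote lockout mentioned in the thread. Further OUTPUT rules are needed for any other traffic the host itself originates.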