cheated with RH LOKKIT -

David Kreuter dkreuter-q4+D78v0SMv8u52rGdhAxQ at public.gmane.org
Thu Mar 25 02:34:46 UTC 2004


I am running RH 9 with 2 networks, 24.x.x.x and private 192.168.1.0/24.
Want to protect the computer from bad guys.
Studied Madison's paper, played around, some good results. Thanks!
Used Lokkit and augmented with a few commands.
Will the following table protect my linux computer from internet bad guys?
I have opened SSH, FTP, and HTTP ports. Would like to keep SSH and FTP open
from the internet but for the time being close HTTP from the internet but
still allow it from the 192.
Any comments or suggestions on the following iptables table?
Hope my goals are clear.
David


# Generated by iptables-save v1.2.7a on Wed Mar 24 21:05:04 2004
*filter
:INPUT ACCEPT [28:30356]
:FORWARD ACCEPT [97:19923]
:OUTPUT ACCEPT [13615:860396]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 24.153.22.195 -p udp -m udp --sport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 24.153.22.67 -p udp -m udp --sport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Mar 24 21:05:04 2004
# Generated by iptables-save v1.2.7a on Wed Mar 24 21:05:04 2004
*nat
:PREROUTING ACCEPT [95:6907]
:POSTROUTING ACCEPT [242:14512]
:OUTPUT ACCEPT [241:14460]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Wed Mar 24 21:05:04 2004

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
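The rule walk-through below is an added example; it is not part of the original post and not Lokkit's own code. It re-parses the posted RH-Lokkit-0-50-INPUT chain (with iptables-save's wrapped lines rejoined) and evaluates a few constructed packets against it in chain order, the way the kernel would, so the stated goal ("close HTTP from the internet, keep it from the 192") can be checked on paper before touching a live box. Assumptions: eth1 is the internet side (it carries the MASQUERADE rule) and eth0 the 192.168.1.0/24 side; 203.0.113.5 is a constructed internet address; the RESTRICTED variant expresses the goal by adding `-s 192.168.1.0/24` to the port-80 rule, which is one way of doing it. As posted, the `--dport 80` rule carries no `-s` or `-i` match, so it accepts a SYN from any source; the evaluator also shows that the chain only inspects SYN packets, so a non-SYN TCP segment falls through to the INPUT policy of ACCEPT.

```python
"""Chain-order evaluator for the INPUT path of an iptables-save ruleset.

Added example, not from the original post. Only the matches that appear in
the posted table are understood (-i, -s, -p, --dport, --sport, --tcp-flags).
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

CHAIN = "RH-Lokkit-0-50-INPUT"

# The posted chain, copied from the mail with wrapped lines rejoined.
POSTED = """
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 24.153.22.195 -p udp -m udp --sport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 24.153.22.67 -p udp -m udp --sport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
"""

# Same chain with the HTTP rule limited to the private network named in the
# post (assumed 192.168.1.0/24); every other rule is unchanged.
RESTRICTED = POSTED.replace(
    "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80",
    "-A RH-Lokkit-0-50-INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 80",
)


@dataclass
class Rule:
    target: str = ""
    iface: str | None = None
    src: ipaddress.IPv4Network | None = None
    proto: str | None = None
    dport: tuple[int, int] | None = None
    sport: tuple[int, int] | None = None
    flags: tuple[frozenset, frozenset] | None = None  # (mask, compare)


@dataclass
class Packet:
    iface: str
    src: str
    proto: str
    dport: int
    sport: int = 40000
    flags: frozenset = frozenset({"SYN"})  # default: a new connection attempt


def _ports(spec: str) -> tuple[int, int]:
    """'80' -> (80, 80); '67:68' -> (67, 68)."""
    lo, _, hi = spec.partition(":")
    return int(lo), int(hi or lo)


def parse_chain(text: str, chain: str = CHAIN) -> list[Rule]:
    """Turn '-A <chain> ...' lines into Rule objects, in the order they were appended."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[:2] != ["-A", chain]:
            continue
        r, i = Rule(), 2
        while i < len(tok):
            opt = tok[i]
            if opt == "-i":
                r.iface, i = tok[i + 1], i + 2
            elif opt == "-s":
                r.src, i = ipaddress.ip_network(tok[i + 1], strict=False), i + 2
            elif opt == "-p":
                r.proto, i = tok[i + 1], i + 2
            elif opt == "--dport":
                r.dport, i = _ports(tok[i + 1]), i + 2
            elif opt == "--sport":
                r.sport, i = _ports(tok[i + 1]), i + 2
            elif opt == "--tcp-flags":
                mask, comp = tok[i + 1].split(","), tok[i + 2].split(",")
                r.flags, i = (frozenset(mask), frozenset(comp)), i + 3
            elif opt == "-j":
                r.target, i = tok[i + 1], i + 2
            elif opt in ("-m", "--reject-with"):  # module loader / reject detail: no match effect
                i += 2
            else:
                raise ValueError(f"unsupported option {opt!r} in: {line}")
        rules.append(r)
    return rules


def matches(r: Rule, p: Packet) -> bool:
    """True when every match clause of the rule fits the packet."""
    if r.iface and r.iface != p.iface:
        return False
    if r.src and ipaddress.ip_address(p.src) not in r.src:
        return False
    if r.proto and r.proto != p.proto:
        return False
    if r.dport and not r.dport[0] <= p.dport <= r.dport[1]:
        return False
    if r.sport and not r.sport[0] <= p.sport <= r.sport[1]:
        return False
    if r.flags and (p.flags & r.flags[0]) != r.flags[1]:
        return False
    return True


def verdict(rules: list[Rule], p: Packet, policy: str = "ACCEPT") -> str:
    """First matching rule wins; falling off the chain applies the INPUT policy."""
    for r in rules:
        if matches(r, p):
            return r.target
    return policy


if __name__ == "__main__":
    internet_http = Packet("eth1", "203.0.113.5", "tcp", 80)  # constructed outside address
    lan_http = Packet("eth0", "192.168.1.20", "tcp", 80)
    for name, text in (("posted", POSTED), ("restricted", RESTRICTED)):
        chain = parse_chain(text)
        print(f"{name:10s} internet->80: {verdict(chain, internet_http)}"
              f"   lan->80: {verdict(chain, lan_http)}")
```

Because the chain has no connection tracking, the `--tcp-flags SYN,RST,ACK SYN` rules only see connection attempts; the INPUT policy of ACCEPT decides everything else, which is worth keeping in mind when reading the output.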