cheated with RH LOKKIT -
Ilya Palagin
ilyapalagin-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Wed Mar 24 22:22:17 UTC 2004
Ilya Palagin wrote:
> David Kreuter wrote:
>
>> I am running RH 9 with 2 networks, 24.x.x.x and private 192.168.1.0/24.
>> Want to protect the computer from bad guys.
>> Studied Madison's paper, played around, some good results. Thanks!
>> Used Lokkit and augmented with a few commands.
>> Will the following table protect my linux computer from internet bad
>> guys?
>> I have opened SSH, FTP, and HTTP port. Would like to keep SSH and FTP
>> open
>> from the internet but for time being close HTTP from the internet but
>> still allow it from
>> the 192.
>> Any comments or suggestions on the following iptable?
>> hope my goals are clear.
>> David
>>
>>
>> # Generated by iptables-save v1.2.7a on Wed Mar 24 21:05:04 2004
>> *filter
>> :INPUT ACCEPT [28:30356]
>> :FORWARD ACCEPT [97:19923]
>> :OUTPUT ACCEPT [13615:860396]
>
> Change default policy to DENY. Currently no packets are filtered.
Sorry, to DROP. I'm doing the initial setup this way:
`iptables --flush`;
`iptables --delete-chain`;
`iptables --zero`;
`iptables -t nat -F PREROUTING`;
`iptables -t nat -F POSTROUTING`;
`iptables -t nat -F OUTPUT`;
`iptables -P INPUT DROP`;
`iptables -P OUTPUT DROP`;
`iptables -P FORWARD DROP`;
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
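
Added example, not part of the original message or the list archive: a shell sketch that audits iptables-save output for chains still defaulting to ACCEPT (the point of the reply above) and prints a default-DROP filter table for the goals stated in the question. The function names, the use of the state match, the standard ports 21/22/80 and the source-address match for the LAN are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Usage, as root:
#   iptables-save | accept_policy_chains
#   hardened_ruleset | iptables-restore

# The policy lines quoted in the post, used here as audit input.
posted_policies() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [28:30356]
:FORWARD ACCEPT [97:19923]
:OUTPUT ACCEPT [13615:860396]
EOF
}

# List filter-table chains whose default policy is ACCEPT, reading
# iptables-save output on stdin. Empty output means none.
accept_policy_chains() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && /^:/ && $2 == "ACCEPT" {
            out = out (out == "" ? "" : " ") substr($1, 2)
        }
        END { print out }
    '
}

# Default-DROP ruleset for the stated goals. Assumptions: standard ports
# 21/22/80; source-address match for the LAN because the post names no
# interface (adding -i <lan-interface> is tighter against spoofed sources);
# FTP data channels need the kernel FTP conntrack helper to be RELATED.
hardened_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

Setting the three policies to DROP with no ACCEPT rules also drops loopback traffic and any SSH session in use, so the ruleset here is meant to be loaded in a single iptables-restore call rather than typed policy-first over a remote login.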