cheated with RH LOKKIT -

Ilya Palagin ilyapalagin-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Wed Mar 24 22:22:17 UTC 2004


Ilya Palagin wrote:
> David Kreuter wrote:
> 
>> I am running RH 9 with 2 networks, 24.x.x.x and private 192.168.1.0/24.
>> Want to protect the computer from bad guys.
>> Studied Madison's paper, played around, some good results. Thanks!
>> Used Lokkit and augmented with a few commands.
>> Will the following table protect my linux computer from internet bad 
>> guys?
>> I have opened SSH, FTP, and HTTP port. Would like to keep SSH and FTP 
>> open
>> from the internet but for time being close HTTP from the internet but 
>> still allow it from
>> the 192.
>> Any comments or suggestions on the following iptable?
>> hope my goals are clear.
>> David
>>
>>
>> # Generated by iptables-save v1.2.7a on Wed Mar 24 21:05:04 2004
>> *filter
>> :INPUT ACCEPT [28:30356]
>> :FORWARD ACCEPT [97:19923]
>> :OUTPUT ACCEPT [13615:860396]
> 
> Change default policy to DENY. Currently no packets are filtered.

Sorry, to DROP. I'm doing the initial setup this way:
`iptables --flush`;
`iptables --delete-chain`;
`iptables --zero`;
`iptables -t nat -F PREROUTING`;
`iptables -t nat -F POSTROUTING`;
`iptables -t nat -F OUTPUT`;
`iptables -P INPUT   DROP`;
`iptables -P OUTPUT  DROP`;
`iptables -P FORWARD DROP`;

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
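
A check for the point made in the reply above, as an added example that is not part of the original thread: it parses `iptables-save` output and lists the built-in chains whose default policy is still ACCEPT. The function names are hypothetical, and the "after" dump, including its SSH rule, is constructed.

```python
import re

# Chain header in iptables-save output, e.g. ":INPUT ACCEPT [28:30356]".
# User-defined chains carry "-" in place of a policy.
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)(?:\s+\[(\d+):(\d+)\])?\s*$")

def parse_policies(dump):
    """Return {table: {chain: {"policy", "packets", "rules"}}} from iptables-save text."""
    tables, table = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):          # table header such as "*filter"
            table = tables.setdefault(line[1:], {})
            continue
        if table is None:
            continue                      # ignore anything before the first table
        m = CHAIN_RE.match(line)
        if m:
            name, policy, pkts, _bytes = m.groups()
            table[name] = {"policy": policy, "packets": int(pkts or 0), "rules": 0}
        elif line.startswith("-A "):      # rule appended to a chain
            chain = line.split()[1]
            if chain in table:
                table[chain]["rules"] += 1
    return tables

def accept_by_default(tables, table="filter"):
    """Chains of `table` whose default policy is ACCEPT, sorted by name."""
    return sorted(n for n, c in tables.get(table, {}).items() if c["policy"] == "ACCEPT")

# BEFORE repeats the header lines quoted in the post; COMMIT is added so the
# dump is well formed. AFTER is constructed: the same chains once the
# "-P ... DROP" commands from the reply have run, plus one sample rule.
BEFORE = """\
# Generated by iptables-save v1.2.7a on Wed Mar 24 21:05:04 2004
*filter
:INPUT ACCEPT [28:30356]
:FORWARD ACCEPT [97:19923]
:OUTPUT ACCEPT [13615:860396]
COMMIT
"""
AFTER = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for label, dump in (("before", BEFORE), ("after", AFTER)):
        print(label, accept_by_default(parse_policies(dump)))
```

On a live host the same functions can be fed the text captured from `iptables-save`.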




