Home page logo
/

basics logo Security Basics mailing list archives

Re: Basic rules for IPTABLES protection
From: Pierre BETOUIN <info16 () unsigned ath cx>
Date: 26 Nov 2002 19:26:25 +0100

You can check the IP with the interface :
When u rcv a packet from the external interface, deny packets which come
with local IP (192.168.XXX.XXX or 172.16.XXX.XXX or others as non
routing IP : 10.0.0.10,etc.)

U can also just allow locals IP (if people don't have to send mail out
from your LAN)
And then, if you use a SMTP relay, just add its @ and deny others from
external interface.

Another good thing is to control the TCP/IP sequence and to check the
tcp hand shake (--tcp-flags SYN,ACK,RST SYN)

maybe, u'll want to add:
iptables -A INPUT -m state --state NEW,RELATED -p tcp --syn -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -p tcp ! --syn -j ACCEPT



I hope it was what u need.

        Pierre BETOUIN

Le sam 23/11/2002 à 07:27, Erick Arturo Perez Huemer a écrit :
I am about to install a RedHat 8.0 box with iptables to act as our
firewall for our internal network that consists of 20 machines.

Besides doing a -j drop on our external interface when receives a
packet
with source equal to our internal network, what other measures we have
to take?

We do host an SMTP server but nothing else. I have read about blocking
10.x.x.x addresses but also read that "some" routers/sites use those
addresses. Any anti-DoS rules? More settings?

Or maybe a link to a site that offers suggestion for proper firewall
configurations....

Thanks in advance,

Erick.
-- 
Pierre BETOUIN <info16 () unsigned ath cx>
-- 
Pierre BETOUIN <info16 () unsigned ath cx>


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]