IPCHAINS Help
Ben Beeson
beesond001 at hawaii.rr.com
Wed Oct 17 01:03:41 PDT 2001
Dusty, Brian and Warren,
Here is what I did to my firewall rules. So far so good... Any
comments would be appreciated.
#DNS Original Firewall Rules
#$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 53 -j ACCEPT
#$IPCHAINS -A input -p udp -s $REMOTENET -d $OUTERNET 53 -j ACCEPT
#
### Modified 16 Oct 2001 by Ben after suggestions from "dusty at sandust.com",
# Warren Togami, and Brian Russo
# Some of the LUAU Kahuna...
#
# Goal is to block incoming DNS queries, but allow outgoing queries.
# This means incoming SYN is blocked, but outgoing SYN is not, and
# incoming ACK is not.
#
# Allow my ISP nameserver IP in...Put these in front of REJECT rules
# so they work and allow it in before the REJECT rule kicks in and
# bounces it...
#
# Here is a kludge that searches the /etc/resolv.conf file for the lines
# that contain the "nameserver" entries. The kludge is that for my
# particular file, the nameserver entries are lines 2 and 3. From here,
# extract the values and assign them to the $NAMESERVER_IP1 or 2
# variables.
#
# The line-number match is anchored with ^ so "2:" cannot also match
# a line 12 or 22 in a longer resolv.conf.
NAMESERVER_IP1=`egrep -n nameserver /etc/resolv.conf | grep '^2:' | gawk '{print $2}'`
echo "NAMESERVER_IP1 is $NAMESERVER_IP1"
NAMESERVER_IP2=`egrep -n nameserver /etc/resolv.conf | grep '^3:' | gawk '{print $2}'`
echo "NAMESERVER_IP2 is $NAMESERVER_IP2"
#
#
# Replies from the resolver come FROM its port 53 TO an unprivileged
# local port, so the port belongs on the source side of these rules.
$IPCHAINS -A input -p udp -s $NAMESERVER_IP1 53 -d $OUTERNET -j ACCEPT
$IPCHAINS -A input -p udp -s $NAMESERVER_IP2 53 -d $OUTERNET -j ACCEPT
#
# DNS REJECT/DENY rules can go here....
# REJECT input udp from everywhere else...
$IPCHAINS -A input -p udp -s $REMOTENET -d $OUTERNET 53 -j REJECT
# Now allow outgoing requests... they leave FROM $OUTERNET and go TO
# port 53 on the remote resolver.
$IPCHAINS -A output -p udp -s $OUTERNET -d $REMOTENET 53 -j ACCEPT
#
### End DNS rules changed on 16 Oct
Thanks again for your help,
Ben
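As an added example, not code from Ben's post: a small POSIX sh script that picks the nameserver addresses out of resolv.conf by keyword rather than by line number, and prints the DNS rules with each port on the side of the packet it belongs to (replies from the resolver's port 53 coming in, our own queries going out to port 53). The resolv.conf contents are constructed for the example, and the rules are printed rather than executed.

```shell
#!/bin/sh
# Added example, not from Ben's post: find the resolver addresses by
# keyword instead of by line number, then print the ipchains DNS rules
# that match the thread's goal (our queries out, replies from our
# resolvers in, everyone else's queries to port 53 rejected).

# Constructed resolv.conf contents: a comment, a search line, a blank
# line and an inline comment, all of which break the "lines 2 and 3" kludge.
SAMPLE_RESOLV='# generated by dhcp client
search example.net
nameserver 192.0.2.10

nameserver 192.0.2.11  # secondary
nameserver 192.0.2.12'

# nameservers_from <resolv.conf text>: one address per line, taken only
# from lines whose first field is the keyword (comments and blanks skipped).
nameservers_from() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# dns_rules <outer-ip> <remote-net> <nameserver...>: print the rules.
# They are printed, not executed, so this runs on any machine; the
# output can replace the fixed NAMESERVER_IP1/2 lines in the script.
dns_rules() {
    outer=$1; remote=$2; shift 2
    for ns in "$@"; do
        # replies come FROM the resolver's port 53 TO an ephemeral port here
        printf '%s\n' "\$IPCHAINS -A input -p udp -s $ns 53 -d $outer -j ACCEPT"
    done
    # everyone else's query to our port 53 is rejected
    printf '%s\n' "\$IPCHAINS -A input -p udp -s $remote -d $outer 53 -j REJECT"
    # our own queries go FROM the outer interface TO remote port 53
    printf '%s\n' "\$IPCHAINS -A output -p udp -s $outer -d $remote 53 -j ACCEPT"
}

# Stand-alone run: list the resolvers, then emit the rule set using the
# same variable names the post's script uses.
nameservers_from "$SAMPLE_RESOLV"
dns_rules '$OUTERNET' '$REMOTENET' $(nameservers_from "$SAMPLE_RESOLV")
```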
Original Message dated 10/16/01, 8:55:56 PM
Author: Ben Beeson <beesond001 at hawaii.rr.com>
Re: [luau] Re: IPCHAINS Help:
Dusty, Brian and Warren,
Thanks for your help. The answer to Warren's question is that I am seeing
a few more port scans on port 53 from the far flung regions of the world
than I want to see. These appear to be coming from places like
Kazakhstan, Beijing, Czechoslovakia etc. Not places where a note to a
sysadmin is likely to have too much effect. So far, my firewall and
portsentry have done well, but I thought I'd try and tighten things down
a bit just in case. I didn't want to "break" anything that already works
in the process though, so I came to the best answer place I could find,
and you guys helped tremendously.
Right now, I just want to tighten up my box a bit, but these questions
are going to help me with my router in the near future, so hopefully my
home LAN that I am building stays just that -- mine ;-))
I'll tinker around a bit over the next few days and let you guys know how
it worked out.
Thanks again,
Ben