Re: iptables & tcp wrappers

From: secmgr (security_at_jim-liesl.org)
Date: 09/28/04

  • Next message: Tom Walsh: "Re: iptables & tcp wrappers"
    To: Meatplow <greg@meatplow.com>
    Date: 27 Sep 2004 21:17:00 -0600
    
    

    Check, but I believe that your sshd (the daemon) is compiled against
    libwrap. What this means is that there should be a /etc/hosts.allow
    file that will let you only allow access to the daemon from specified
    ip's. It's not a total solution, but it will cut down the noise quite a
    bit.

    jim
    On Fri, 2004-09-24 at 14:57, Meatplow wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    >
    > Hello.
    >
    > I'm running RH Enterprise edition.
    >
    > I'm relatively new to iptables. I am getting the common intrusion
    > attempts with some of the common uses of test/guest/root/ and a
    > couple others I've been able to add the IPs to the to iptables.,
    > but
    > I'd really like a log that tells me the info that I want to know.
    >
    > My basic input command is this :
    > #iptables -A INPUT -p tcp -s PUT_IP_HERE -d 0/0 --syn -j DROP
    >
    > iptables seem a little convoluted. Example. To delete a line -
    > supposedly give it a line and it will be deleted/modified. My
    > problem is even with #iptable -L -v there is no line number ?
    >
    > My goal is to block all incoming ssh attempts except IP#.
    > This is where I got into hosts.allow/deny as mentioned below.
    >
    > I've tried to find many different types of commands and it works to
    > some degree, but not the way I'd expect it to.
    >
    > Any help would be appreciated. I'm not completely sure that I
    > understand iptables as well as I want/need to. I've also toyed
    > around with the hosts.allow/hosts.deny and have not been successful.
    >
    >
    >
    > I know that there is a lot of info in here, and I'm tired. I'll
    > leave it at that
    >
    >
    > Thanks in advance for your time and help.
    >
    > Meatplow
    > greg ta meatplow.com
    >
    >
    > Thanks again.
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
    >
    > iQA/AwUBQVSBsR42gIcyjrnjEQJIqwCfWAShp7r+J1XNNjQq6sbvvD03WZ8AoNrg
    > ctQ837g5pQDafgBhTTeeMr1V
    > =niWK
    > -----END PGP SIGNATURE-----
    >
    >


  • Next message: Tom Walsh: "Re: iptables & tcp wrappers"

    Relevant Pages

    • Re: hardening SSH
      ... I checked my secure log file (on the daemon box), ... Btw, I figured out how to set up iptables to use a non-default port, and ... Denyhosts is a program that automatically puts ... the port on mine. ...
      (Fedora)
    • Re: iptables and DHCP
      ... daemon is hooking the packets before iptables sees them. ... To make sure it is this and not your rules, repeat the test without them and everything set to drop. ... If you really don't want it to see them, then you may be able to use an ingress policer to catch them earlier than the daemon - but that will also hook in different places depending on kernel config, and you'll ...
      (uk.comp.os.linux)
    • Re: Is this a tcpwrapper bug?
      ... command language to learn :-). ... about 1/10th as obscure as the iptables commands). ... using the iptables approach doesn't require yet another daemon to be ...
      (Fedora)
    • Re: Where do I look for networking stuff
      ... iptables has a quite many ways to examine packages sent. ... You may need to compile kernel modules to do what you need, ... You have a daemon that keeps check your net traffic logs and then modify the ...
      (alt.linux)
    • Re: iptables & tcp wrappers
      ... if you need to restrict ssh for everyone except those you trust, ... the iptables LOG target. ... I am getting the common intrusion ... M> My basic input command is this: ...
      (Focus-Linux)