Re: Basic rules for IPTABLES protection

From: Patrick Benson (benson@chello.se)
Date: 11/25/02

    Date: Mon, 25 Nov 2002 22:35:45 +0100
    From: Patrick Benson <benson@chello.se>
    To: security-basics@securityfocus.com
    
    

    Erick Arturo Perez Huemer wrote:
    >
    > I am about to install a RedHat 8.0 box with iptables to act as our
    > firewall for our internal network that consists of 20 machines.
    >
    > Besides doing a -j drop on our external interface when it receives a packet
    > with source equal to our internal network, what other measures do we have
    > to take?
    >
    > We do host an SMTP server but nothing else. I have read about blocking
    > 10.x.x.x addresses but also read that "some" routers/sites use those
    > addresses. Any anti-DoS rules? More settings?
    >
    > Or maybe a link to a site that offers suggestions for proper firewall
    > configurations....
    >
    > Thanks in advance,
    >
    > Erick.

    Why not take a look at Tom Eastep's Shorewall:
    http://www.shorewall.net/

    Excellent documentation available, along with the author's reliable
    support on the mailing lists which cover anything having to do with
    configuring an iptables/firewall box like yours.

    Best regards,

    -- 
    Patrick Benson
    Stockholm, Sweden
    

