Re: Security for Desktop
From: Yan Seiner (yan@oberon.cardinal.lan) Date: 04/12/02
- Next message: Damir: "Re: NAT question"
- Previous message: Bill Hudson: "Re: 139 (samba) port - world open"
- In reply to: Joe Potter: "Re: Security for Desktop"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Yan Seiner" <yan@oberon.cardinal.lan> Date: Thu, 11 Apr 2002 18:37:32 -0400
In article <Mk1t8.165249$y26.25039549@typhoon.tampabay.rr.com>, "Joe
Potter" <jmp@home.org> wrote:
>
> Yan, how does one use iptables to block outgoing stuff --- stuff you
> would be unaware of?
Well, I set up a chain called LOGACCEPT, which logs and accepts a packet.
Then you figure out which services your internal hosts would reasonably
need access to. So I'd say don't worry about SSH, FTP, HTTP, DNS, SMTP,
and so on. Set up a rule for the OUTPUT chain, and the out-interface, that
ACCEPTS those. Send everything else to the LOGACCEPT. For sanity, the
LOGACCEPT should only log every x'th packet, but accept all of them.
That way, when you look at your logs, you can see any strange packets.
--Yan
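The LOGACCEPT layout Yan describes, written out as an added example (this is not code from the post): known services leave quietly, everything else on the outside interface is sampled into the log and still accepted. The chain name, the interface name WAN_IF, the 1-in-N sample rate and the DRY_RUN switch are assumptions; the sampling uses the `statistic` match of current iptables rather than whatever the 2002 kernel offered.

```shell
#!/bin/sh
# Added example: egress visibility in the shape of the post's LOGACCEPT chain.
# Without --apply the script only prints the iptables commands (DRY_RUN), so the
# ruleset can be reviewed without root; with --apply it runs them for real.
# Note: OUTPUT only sees packets this host generates itself; on a router that
# forwards for internal hosts the same rules belong in the FORWARD chain.

WAN_IF="${WAN_IF:-eth0}"            # assumed outside interface
SAMPLE_EVERY="${SAMPLE_EVERY:-10}"  # log 1 in N unexpected packets, accept all

# Wrapper: print the command in DRY_RUN mode, otherwise execute it.
ipt() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_egress_rules() {
    # LOGACCEPT: log every Nth packet that reaches it, then accept everything.
    ipt -N LOGACCEPT
    ipt -A LOGACCEPT -m statistic --mode nth --every "$SAMPLE_EVERY" --packet 0 \
        -j LOG --log-prefix "EGRESS-UNEXPECTED: "
    ipt -A LOGACCEPT -j ACCEPT

    # Services the post treats as expected: SSH, FTP, HTTP, SMTP over TCP, DNS.
    ipt -A OUTPUT -o "$WAN_IF" -p tcp -m multiport --dports 21,22,25,80 -j ACCEPT
    ipt -A OUTPUT -o "$WAN_IF" -p udp --dport 53 -j ACCEPT
    ipt -A OUTPUT -o "$WAN_IF" -p tcp --dport 53 -j ACCEPT

    # Anything else leaving via the outside interface is sampled into the log.
    ipt -A OUTPUT -o "$WAN_IF" -j LOGACCEPT
}

case "${1:-}" in
    --apply) DRY_RUN=0 ;;
    *)       DRY_RUN=1 ;;
esac
build_egress_rules
```

Afterwards `grep EGRESS-UNEXPECTED /var/log/messages` (or wherever the kernel log lands) shows the sampled packets that did not match a known service.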