ipchains - sorry to flog this horse
Craig White
CraigWhite@AzApple.com
Fri, 31 Mar 2000 10:32:15 -0700
thinking that this discussion might be of interest to others and not wanting
to abuse Mike Sheldon or Jean Francois...but I am feeling like by installing
linux systems on the internet, I am lobbing up softballs for weak hitters to
hit out of the park.
1 - if I create a chain ruleset
default policy deny
accept TCP/UDP port 25, 110, 80
reject TCP/UDP ports 1:1024
does this adequately protect all but mail & www from things
like BIND & FTP exploitation attacks?
2 - does it then make sense to use tcpd to protect the exposed services?
example
hosts.deny
ALL:ALL
hosts.allow
ipop3d:localnetwork & specific.hosts.for.internet.access
httpd:ALL
3 - Any other suggestions?
Craig
----:----|----:----|----:----|----:----|----:----|----:----|
- Craig White - PO Box 8634 - Scottsdale, Arizona - 85252
- e-mail address ................ - CraigWhite@AzApple.com
- world wide web address ........ - http://www.AzApple.com
- e-mail my pager address ....... - 6023779752@airtouch.net
- cellular phone ................ - (602) 377-9752
- voice/facsimile ............... - (480) 945-8445
----:----|----:----|----:----|----:----|----:----|----:----|