ipchains - sorry to flog this horse

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Craig White
Date:  
Old-Topics: What shell we do with the Microsoft.....
Subject: ipchains - sorry to flog this horse
thinking that this discussion might be of interest to others and not wanting
to abuse Mike Sheldon or Jean Francois...but I am feeling like by installing
linux systems on the internet, I am lobbing up softballs for weak hitters to
hit out of the park.

1 - if I create a chain ruleset

    default policy deny
    accept TCP/UDP port 25, 110, 80
    reject TCP/UDP ports 1:1024


    does this adequately protect all but mail & www from things
    like BIND & FTP exploitation attacks?


2 - does it then make sense to use tcpd to protect the exposed services?

    example


    hosts.deny
    ALL:ALL


    hosts.allow
    ipop3d:localnetwork & specific.hosts.for.internet.access
    httpd:ALL


3 - Any other suggestions?

Craig

----:----|----:----|----:----|----:----|----:----|----:----|
- Craig White - PO Box 8634 - Scottsdale, Arizona - 85252
- e-mail address ................ -
- world wide web address ........ - http://www.AzApple.com
- e-mail my pager address ....... -
- cellular phone ................ - (602) 377-9752
- voice/facsimile ............... - (480) 945-8445
----:----|----:----|----:----|----:----|----:----|----:----|