ipchains - sorry to flog this horse

Top Page
This message is part of the following thread:
M----\the complete thread tree sorted by date
M\...MMCraig White at <-
MM\.MMsinck@corp.quepasa.com at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: CraigWhiteCraigWhite@AzApple.com
Date:  
Subject: ipchains - sorry to flog this horse
thinking that this discussion might be of interest to others and not wanting
to abuse Mike Sheldon or Jean Francois...but I am feeling like by installing
linux systems on the internet, I am lobbing up softballs for weak hitters to
hit out of the park.

1 - if I create a chain ruleset 

    default policy deny
    accept TCP/UDP port 25, 110, 80
    reject TCP/UDP ports 1:1024


    does this adequately protect all but mail & www from things
    like BIND & FTP exploitation attacks?


2 - does it then make sense to use tcpd to protect the exposed services? 

    example


    hosts.deny
    ALL:ALL


    hosts.allow
    ipop3d:localnetwork & specific.hosts.for.internet.access
    httpd:ALL


3 - Any other suggestions?

Craig

----:----|----:----|----:----|----:----|----:----|----:----|
- Craig White - PO Box 8634 - Scottsdale, Arizona - 85252
- e-mail address ................ -
- world wide web address ........ - http://www.AzApple.com
- e-mail my pager address ....... -
- cellular phone ................ - (602) 377-9752
- voice/facsimile ............... - (480) 945-8445
----:----|----:----|----:----|----:----|----:----|----:----|





This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-ipchains - sorry to flog this horseipchains - sorry to flog this horse->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)