On Feb 18, 2004, elemint@hotpop.com wrote:
> On a snort box of mine that connects to the outside world ACID is
> reporting bad loopback traffic and the url I am pointed to is below.
> Recommending to set up egress filtering.
Hmmm. Loopback is 127.0.0.1.
Egress filtering is about making sure traffic 'from' one network doesn't
come from a different network.
> I have used fwbuilder to build my firewall scripts.
I believe fwbuilder defaults to doing the right thing.
> I allow all traffic on my loopback adapter but I do not allow my
> loopback out to the outside world from what I can tell.
>
> How can I confirm that I am not allowing loopback traffic out to the
> outside world and that egress filtering is in place?
Look at the rules created by fwbuilder.
Let's say that your internal network uses 192.168.0.0/24 and is on eth0 and
that your external addy is 1.2.3.4/28 on eth1.
You should have a rule blocking incoming traffic from 192.168.0.0/24 on
eth1.
You should have a rule blocking outgoing traffic to 192.168.0.0/24 on eth1.
You should have a rule blocking incoming traffic from anything other than
192.168.0.0/24 on eth0.
You should have a rule blocking outgoing traffic to anything other than
192.168.0.0/24 on eth0.
You should also block traffic out to 10.0.0.0/8 and the rest of
192.168.0.0/16 and a bunch of other things. I think fwbuilder automagically
includes all that.
ciao,
der.hans
--
# https://www.LuftHans.com/ http://www.AZOTO.org/
# If you're not learning, you're not living. - der.hans
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
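Editor's worked example, not code from the original post and not what fwbuilder generates: the rules der.hans lists, written out as an iptables rule set for the layout he assumes (192.168.0.0/24 on eth0 inside, a /28 on eth1 outside), plus a check that reads an iptables-save dump on stdin and reports which of those rules are missing, which is one concrete way to answer the "how can I confirm" question. It goes one step beyond the post's destination-based list and also drops anything leaving eth1 whose source address is not one of our own networks, which is egress filtering in the sense der.hans gives. The interface names, the 1.2.3.0/28 external block (the block containing the mail's 1.2.3.4/28) and the file name antispoof.sh are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post or from fwbuilder: the
# anti-spoofing and egress rules der.hans lists, as an iptables rule set
# for the hypothetical layout in the mail (192.168.0.0/24 on eth0 inside,
# a /28 on eth1 outside), plus a check that a saved rule set contains them.
# Interface and network names are assumptions taken from the mail; override
# them through the environment.
INT_IF="${INT_IF:-eth0}"
INT_NET="${INT_NET:-192.168.0.0/24}"
EXT_IF="${EXT_IF:-eth1}"
EXT_NET="${EXT_NET:-1.2.3.0/28}"   # the block containing the mail's 1.2.3.4/28

# Address space that must never appear on the outside interface in either
# direction: loopback, RFC 1918 private space, link-local.
BOGONS="127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"

# Print one rule. Options are written in the order iptables-save prints
# them (-s/-d before -i/-o) so the check below can match lines exactly.
rule() { printf '%s\n' "$*"; }

# Emit the rule set in iptables-restore format. These are the drop rules
# only; they belong before whatever ACCEPT rules the firewall otherwise has.
gen_antispoof_rules() {
    rule '*filter'
    rule ':INPUT DROP [0:0]'
    rule ':FORWARD DROP [0:0]'
    rule ':OUTPUT ACCEPT [0:0]'
    # Loopback addresses are valid on lo and nowhere else.
    rule "-A INPUT -i lo -j ACCEPT"
    rule "-A OUTPUT -o lo -j ACCEPT"
    rule "-A INPUT -s 127.0.0.0/8 ! -i lo -j DROP"
    rule "-A OUTPUT -d 127.0.0.0/8 ! -o lo -j DROP"
    rule "-A FORWARD -s 127.0.0.0/8 -j DROP"
    rule "-A FORWARD -d 127.0.0.0/8 -j DROP"
    # Outside interface: the inside network may not arrive from it (ingress
    # anti-spoofing) and may not be a destination leaving through it.
    rule "-A INPUT -s $INT_NET -i $EXT_IF -j DROP"
    rule "-A FORWARD -s $INT_NET -i $EXT_IF -j DROP"
    rule "-A OUTPUT -d $INT_NET -o $EXT_IF -j DROP"
    rule "-A FORWARD -d $INT_NET -o $EXT_IF -j DROP"
    # Egress filtering proper: whatever leaves through the outside interface
    # must carry a source address that is ours. Forwarded traffic still has
    # its inside source here (SNAT happens later, in POSTROUTING); the box's
    # own traffic must use its external block.
    rule "-A FORWARD ! -s $INT_NET -o $EXT_IF -j DROP"
    rule "-A OUTPUT ! -s $EXT_NET -o $EXT_IF -j DROP"
    # Inside interface: only the inside network is valid as a source coming
    # in or as a destination going out.
    rule "-A INPUT ! -s $INT_NET -i $INT_IF -j DROP"
    rule "-A FORWARD ! -s $INT_NET -i $INT_IF -j DROP"
    rule "-A OUTPUT ! -d $INT_NET -o $INT_IF -j DROP"
    rule "-A FORWARD ! -d $INT_NET -o $INT_IF -j DROP"
    # The remaining reserved space has no business crossing the outside
    # interface in either direction.
    for net in $BOGONS; do
        rule "-A INPUT -s $net -i $EXT_IF -j DROP"
        rule "-A FORWARD -s $net -i $EXT_IF -j DROP"
        rule "-A OUTPUT -d $net -o $EXT_IF -j DROP"
        rule "-A FORWARD -d $net -o $EXT_IF -j DROP"
    done
    rule 'COMMIT'
}

# Read an iptables-save dump on stdin and report which of the rules der.hans
# asks for are missing. Returns 0 if all are present, 1 otherwise.
check_antispoof_rules() {
    saved=$(cat)
    missing=0
    for want in \
        "-A INPUT -s 127.0.0.0/8 ! -i lo -j DROP" \
        "-A FORWARD -s $INT_NET -i $EXT_IF -j DROP" \
        "-A FORWARD -d $INT_NET -o $EXT_IF -j DROP" \
        "-A FORWARD ! -s $INT_NET -o $EXT_IF -j DROP" \
        "-A FORWARD ! -s $INT_NET -i $INT_IF -j DROP" \
        "-A FORWARD ! -d $INT_NET -o $INT_IF -j DROP"
    do
        if ! printf '%s\n' "$saved" | grep -Fxq -- "$want"; then
            echo "missing: $want"
            missing=1
        fi
    done
    return $missing
}

# Usage:  sh antispoof.sh gen | iptables-restore --test   (parse only, no commit)
#         iptables-save | sh antispoof.sh check
case "${1:-}" in
    gen)   gen_antispoof_rules ;;
    check) check_antispoof_rules ;;
esac
```

Two caveats when running the check against a real box: the exact-line match assumes the negation syntax current iptables-save prints (`! -i lo`; very old releases wrote `-i ! lo`), and a generated script that places these rules in its own user-defined chains rather than directly in INPUT/FORWARD/OUTPUT will need the chain names in the `want` list adjusted. A "missing" line from the check does not prove the traffic is allowed, only that this specific rule is absent; send a test packet and watch the counters in `iptables -L -v -n` to be sure.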