Thread: firewall query

  1. #1

    firewall query

    Hello Linux gurus, I am a complete noob on Linux (doing a college course to help) and have a firewall problem. I need to do the following report:
      • Full egress and ingress filtering (i.e. defaults are all REJECT)
      • The machine has only one network connection, eth0.
      • The machine runs ssh, telnet, apache, and qmail.
      • It should be able to surf the web, send email, and make DNS lookups.
      • The apache user should not be allowed to surf the web
    You should make the rest of the rules as security focused (and sensible) as possible.
    Now this is what I have so far:
    iptables -F INPUT
    iptables -F OUTPUT
    iptables -F FORWARD
    # -F flushes the chain, leaving no rules set

    iptables -P INPUT REJECT
    iptables -P OUTPUT REJECT
    iptables -P FORWARD REJECT
    # -P sets the default policy. REJECT discards the packet but sends an ICMP error back to the sender (reveals that a firewall is filtering)
    # note: iptables only accepts ACCEPT or DROP as a built-in chain policy, so these three lines are refused as written; a DROP policy plus a final "-j REJECT" rule gives the same effect

    iptables -A INPUT -p tcp --sport 22 -j ACCEPT
    iptables -A INPUT -p tcp --sport 23 -j ACCEPT

    iptables -A INPUT -p tcp --sport http -j ACCEPT
    iptables -A INPUT -p tcp --sport smtp -j ACCEPT
    iptables -A INPUT -p udp --sport ns_addr -j ACCEPT
    # assuming DNS nameserver is ns_addr
    iptables -A OUTPUT -m state --state NEW -p tcp --sport 80 -m owner --uid-owner apache -j DROP
    I have not run any of it yet (forgot college login details), so I just need to know if the above will work or does it need changing.
    Thanks for any help.

  2. #2
    peter (Administrator Advisor)
    The main site www.linuxhomenetworking.com has a tutorial on most of this. The tutorial explains how to allow / deny incoming and outgoing connections.

    FYI - INPUT covers incoming connections, so the destination port (dport), not the source port (sport), should be used.
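As an added example (not code from either post or from the tutorial site mentioned), a complete ruleset that meets the five requirements listed in post #1 and applies the dport correction from post #2. It assumes the interface is eth0, a resolver at the documentation address 192.0.2.53, and a local user named apache; setting IPT=echo prints the commands instead of applying them, so it can be inspected without root.

```shell
#!/bin/sh
# Added example, not from the thread: one ruleset covering the assignment in post #1.
# Assumptions: interface eth0, resolver 192.0.2.53 (documentation address), user "apache".
# Override IPT (e.g. IPT=echo) to print the commands instead of applying them as root.
IPT="${IPT:-iptables}"
IFACE="${IFACE:-eth0}"
DNS="${DNS:-192.0.2.53}"

apply_rules() {
    # Flush and default-DROP every built-in chain. A policy may only be ACCEPT or DROP;
    # the explicit REJECT rules at the end supply the "defaults are REJECT" behaviour.
    for c in INPUT OUTPUT FORWARD; do $IPT -F "$c"; $IPT -P "$c" DROP; done
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # Stateful core: replies to sessions already allowed pass, malformed packets do not
    $IPT -A INPUT  -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -o "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT  -m state --state INVALID -j DROP
    # Ingress: the services this host runs. A new connection arrives on the DESTINATION
    # port, so INPUT rules use --dport (post #2's correction), never --sport.
    for p in 22 23 80 25; do
        $IPT -A INPUT -i "$IFACE" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    # Egress: the apache user is rejected BEFORE the generic web rule, since rules match
    # in order; -m owner is only valid in OUTPUT, which is exactly where it is needed.
    $IPT -A OUTPUT -o "$IFACE" -p tcp -m multiport --dports 80,443 \
        -m owner --uid-owner apache -j REJECT --reject-with tcp-reset
    $IPT -A OUTPUT -o "$IFACE" -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
    # Outbound mail (qmail) and DNS lookups, DNS restricted to the configured resolver
    $IPT -A OUTPUT -o "$IFACE" -p tcp --dport 25 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -o "$IFACE" -p udp --dport 53 -d "$DNS" -j ACCEPT
    $IPT -A OUTPUT -o "$IFACE" -p tcp --dport 53 -d "$DNS" -m state --state NEW -j ACCEPT
    # Everything else is logged (rate-limited) and rejected, so misconfigured clients fail fast
    $IPT -A INPUT   -m limit --limit 5/min -j LOG --log-prefix "FW-IN-REJECT: "
    $IPT -A INPUT   -p tcp -j REJECT --reject-with tcp-reset
    $IPT -A INPUT   -j REJECT
    $IPT -A OUTPUT  -j REJECT
    $IPT -A FORWARD -j REJECT
}

# Print the commands without touching the kernel (subshell so IPT stays unchanged)
dry_run() { ( IPT=echo; apply_rules ); }

case "${1:-}" in
    apply)   apply_rules ;;
    dry-run) dry_run ;;
esac
```

Run it as `sh fw.sh dry-run` to review the generated rules, and `sh fw.sh apply` as root once the user name and resolver address match the host.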
