Network Security: Detailed info on RE: iptables & tcp wrappers

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Linux

[Top] [All Lists]

RE: iptables & tcp wrappers

from [Whelan, Paul] Network Security

[Permanent Link]

Subject:	RE: iptables & tcp wrappers
Date:	Mon, 11 Oct 2004 12:23:02 -0400

On 2004-09-29 harry wrote:

Whelan, Paul wrote:

"iptables -L --line-numbers" will show you the line numbers of the
rules.
"iptables -A INPUT -p tcp -s ! ONLY_IP_YOU_WANT --dport 22 -j DROP"

will

block every connection to port 22 except ONLY_IP_YOU_WANT.


not really... a good firewall (IMHO) drops everything, rejects auth 
(nasty timeouts on ftp, irc, ... if you just drop auth), and accepts 
these 4(or 5) icmp requests:
"source-quench"
"parameter-problem"
"time-exceeded"
"destination-unreachable"
and your clients probably want the "echo-request" too :)


Just so it's clear...
The question wasn't in regards to what was a "good" firewall.  The
question was about asking how to only allow a certain ip to connect to
port 22 and reject the rest.  That rule will do that and do it well.
Trust me.  Try it on your server and see.
If the scope of the question was "What makes a good firewall?". Then
that would have been more than a single rule. <obviously>.
Thanks,
Paul

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: iptables & tcp wrappers, (continued) Re: iptables & tcp wrappers, Thomas Chiverton Re: iptables & tcp wrappers, Luis M Re: iptables & tcp wrappers, Thomas Chiverton Re: iptables & tcp wrappers, Luis M Re: iptables & tcp wrappers, Matthew Baker Re: iptables & tcp wrappers, George Theall RE: iptables & tcp wrappers, Marcus.Zoller Re: iptables & tcp wrappers, Ansgar -59cobalt- Wiechers Re: iptables & tcp wrappers, Ansgar -59cobalt- Wiechers Re: iptables & tcp wrappers, TJ Easter RE: iptables & tcp wrappers, Whelan, Paul <=

Previous by Date:	Re: iptables & tcp wrappers, Ansgar -59cobalt- Wiechers
Next by Date:	Re: iptables & tcp wrappers, TJ Easter
Previous by Thread:	Re: iptables & tcp wrappers, TJ Easter
Next by Thread:	Idle session logout, Ben Nelson
Indexes:	[Date] [Thread] [Top] [All Lists]