[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] ipchains?
- Subject: RE: [cobalt-security] ipchains?
- From: "Eric Frisch" <ericf@xxxxxxxxxxx>
- Date: Tue, 29 May 2001 09:51:28 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Just did this on a Raq4r and it is a breeze . . .
Firewalling is enabled in the Cobalt distributed kernel which makes things
fairly straightforward.
You can verify your kernel config, the file /proc/net/ip_fwchains should
exist.
Get and build ipchains: (simple and clean build, just follow the
instructions)
http://netfilter.filewatcher.org/ipchains/
In terms of building rules I like gShield, well documented and quite
flexible:
(Version 1 (under old versions) is for ipchains, don't get version 2 as it
is for iptables in the 2.4 kernel.)
http://muse.linuxmafia.org/gshield.html
Be VERY careful when defining those first rules or you could lock yourself
out of the box.
i.e. make sure there are some suitable IPs in client-hosts and add port 81
and maybe 22 as required to client-services.
Hope this helps . . .
Eric
> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Brad Hubbard
> Sent: May 28, 2001 8:44 PM
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: [cobalt-security] ipchains?
>
>
> Can someone run me through the procedure to get ipchains up and running on
> RaQ4i?
>
> TIA.
>
> Brad Hubbard
> Congo Systems
> 12 Northgate Drive,
> Thomastown, Victoria, Australia 3074
> Email: brad@xxxxxxxxxxxxxxxx
> Ph: +61-3-94645981
> Fax: +61-3-94645982
> Mob: +61-419107559
>
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>