RE: [cobalt-security] [RaQ3] Port Sentry
- Subject: RE: [cobalt-security] [RaQ3] Port Sentry
- From: "Benoit Perreault" <liste@xxxxxxxxxxxxx>
- Date: Fri, 15 Jun 2001 08:55:11 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
With a Qube3 we have some firewall rules already in there when we set up
the GUI; how do you tell the system to remake them?
Thanks
------
Benoit Perreault
mailto:bperreault@xxxxxxxxxxxxx
Névé Réfrigération Inc
Longueuil, Québec, Canada
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Michael Stauber
Sent: Monday, June 11, 2001 10:00
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] [RaQ3] Port Sentry
Hi Kevin,
> Now this I like. I've actually considered setting up something like this
> myself... care to share that config and script?
Sure, no problem. But I'll have to leave out the randomized restart routine
for NDA reasons <sigh>. Just bind this script to a cronjob that will run
several times a day (1-3 times for instance) and you're there almost as
good.
Make sure you understand what the script does before you attempt to use it!
For instance: If you don't have SSH installed, then you will no longer be
able to get to the shell, as it'll block the telnet port! :o)
#!/bin/sh
# This script makes sure that Portsentry does not generate
# too many false alerts. It also makes sure that Portsentry is
# restarted periodically. When that happens existing
# Firewall rules will be flushed. So if a customer accidentally
# blocked himself, then a flush of the ruleset will make
# sure that he can get in again after a considerable wait.
# For questions ask cobalt@xxxxxxxxxxxxxx
# Stop all instances of Portsentry:
killall -9 portsentry
# Flush all existing Firewall rules (note: this also removes any
# rules that were added by hand or by the admin GUI):
/sbin/ipchains -F
# Deny Telnet permanently (only if you have SSH!); -l logs each hit:
/sbin/ipchains -A input -l -i eth0 -d 0/0 23 -p tcp -j DENY
# Deny TCP and UDP packets to certain ports:
# NetBIOS (137-139), DHCP (68/67), NTP (123) and SNMP (161)
/sbin/ipchains -A input -i eth0 -d 0/0 137:139 -p udp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 137:139 -p tcp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 68 -p udp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 67 -p udp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 123 -p udp -j DENY
/sbin/ipchains -A input -i eth0 -d 0/0 161 -p udp -j DENY
# Remove portsentry history file (-f: don't fail if there is none yet):
rm -f /usr/local/psionic/portsentry/portsentry.blocked.*
# Restart Portsentry in both ATCP and AUDP mode:
/usr/local/psionic/portsentry/portsentry -atcp
/usr/local/psionic/portsentry/portsentry -audp
# Say something nice and exit gracefully:
echo "Firewall rules flushed and Portsentry restarted"
--
Mit freundlichen Grüßen / Best regards
Michael Stauber
Stauber Multimedia Design ____ Phone: +49-6471-923812
Hauptstrasse 31 ______ D-56244 Goddert ______ Germany
SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
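The following is an added example, not code from the thread or from Cobalt: a variant of Michael's restart script written with Benoit's problem in mind. Instead of losing the rules the Qube3 GUI installed, it keeps a snapshot of the ruleset taken right after the GUI firewall was configured (run it once with the `snapshot` argument at that point, and again whenever the GUI settings change) and reloads that snapshot after every flush; it adds the telnet deny rule only when an ssh server binary is actually present, so the lock-out Michael warns about cannot happen; and it moves the Portsentry block history aside with a timestamp instead of deleting it, so repeat offenders can still be reviewed. `ipchains-save` and `ipchains-restore` ship with the ipchains package; the `SAVEFILE` and `ARCHIVE` paths and the `sshd` locations are assumptions for illustration. With `IPCHAINS=echo KILLALL=echo` the script can be dry-run on a machine without ipchains.

```shell
#!/bin/sh
# Added example (not from the thread): flush-and-restart for Portsentry that
# preserves GUI-installed ipchains rules via a snapshot, denies telnet only
# when sshd exists, and archives the block history instead of removing it.
# Usage: $0 snapshot   (once, right after configuring the GUI firewall)
#        $0 run        (from cron, a few times a day)

IPCHAINS=${IPCHAINS:-/sbin/ipchains}
KILLALL=${KILLALL:-killall}
PSDIR=${PSDIR:-/usr/local/psionic/portsentry}
SAVEFILE=${SAVEFILE:-/var/tmp/ipchains.gui-rules}   # assumed path
ARCHIVE=${ARCHIVE:-/var/log/portsentry-history}     # assumed path

# True when an ssh server binary exists; only then is denying telnet safe.
have_sshd() {
    command -v sshd >/dev/null 2>&1 && return 0
    [ -x /usr/sbin/sshd ] || [ -x /usr/local/sbin/sshd ]   # assumed locations
}

# Print, one per line, the ipchains arguments for the rules this script
# manages. $1 is 1 when the telnet rule may be included, 0 otherwise.
deny_rules() {
    if [ "$1" = 1 ]; then
        echo "-A input -l -i eth0 -d 0/0 23 -p tcp -j DENY"   # telnet, logged
    fi
    # proto/port pairs: NetBIOS (137-139), DHCP (68/67), NTP (123), SNMP (161)
    printf '%s\n' "udp 137:139" "tcp 137:139" "udp 68" "udp 67" "udp 123" "udp 161" |
    while read -r proto port; do
        echo "-A input -i eth0 -d 0/0 $port -p $proto -j DENY"
    done
}

# Feed each managed rule to ipchains (word-splitting of $rule is intended).
apply_rules() {
    if have_sshd; then telnet_ok=1; else telnet_ok=0; fi
    deny_rules "$telnet_ok" | while read -r rule; do
        $IPCHAINS $rule
    done
}

# Delete the managed rules (-D instead of -A) so a snapshot holds only what
# the GUI or the admin installed; missing rules are not an error here.
remove_managed_rules() {
    deny_rules 1 | sed 's/^-A /-D /' | while read -r rule; do
        $IPCHAINS $rule 2>/dev/null || true
    done
}

# Save the live ruleset; non-zero when ipchains-save is not available.
save_rules() {
    command -v ipchains-save >/dev/null 2>&1 || return 1
    ipchains-save > "$SAVEFILE"
}

# Reload the snapshot, if one was taken.
restore_rules() {
    [ -s "$SAVEFILE" ] || return 1
    ipchains-restore < "$SAVEFILE"
}

# Move portsentry.blocked.* aside with a timestamp instead of rm'ing them.
archive_history() {
    mkdir -p "$ARCHIVE"
    stamp=$(date +%Y%m%d-%H%M%S)
    for f in "$PSDIR"/portsentry.blocked.*; do
        [ -e "$f" ] || continue            # glob matched nothing
        mv "$f" "$ARCHIVE/$(basename "$f").$stamp"
    done
}

snapshot() {
    remove_managed_rules
    save_rules && echo "ruleset saved to $SAVEFILE"
}

run() {
    $KILLALL portsentry || true            # nothing running is not an error
    $IPCHAINS -F                           # clears Portsentry's dynamic blocks too
    restore_rules || echo "warning: no snapshot in $SAVEFILE; GUI rules not restored" >&2
    apply_rules
    archive_history
    "$PSDIR/portsentry" -atcp
    "$PSDIR/portsentry" -audp
    echo "Firewall rules reapplied and Portsentry restarted"
}

case "${1:-}" in
    snapshot) snapshot ;;
    run)      run ;;
    "")       ;;                           # no argument: define functions only
    *)        echo "usage: $0 snapshot|run" >&2; exit 2 ;;
esac
```

Because the snapshot is taken with the managed rules removed, restoring it after the flush and then re-adding the managed rules never accumulates duplicates across cron runs; hosts Portsentry blocked dynamically are still cleared by the flush, which is the behaviour Michael wanted.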