[cobalt-security] ipchains adding to rc.local
- Subject: [cobalt-security] ipchains adding to rc.local
- From: Scott F <scott_falco@xxxxxxxxx>
- Date: Wed, 25 Jul 2001 13:54:19 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
>is this correct so the list must look like this:
>
>/sbin/ipchains -I input -s 203.232.240.215 -j DENY -l
>/sbin/ipchains -I input -s 63.25.226.171 -j DENY -l
>fi
Here's another possible solution.
If you're not running a firewall (but have IPChains installed), then try this little script, which is actually taken from a firewall and is used to lock out your network ghouls. Just install the script under /etc/rc.d and chmod the script to 700. Then make sure you have a rc.firewall.blocked file under the same /etc/rc.d directory, which is where you'll drop in your ghoul IP ranges (watch line wraps in the script).
#!/bin/sh
# Network Ghouls
# Deny access to jerks
# --------------------
# /etc/rc.d/rc.firewall.blocked contains one address (or an
# address/prefix range such as 203.232.240.0/24) per line;
# anything after the address on a line is ignored, so notes
# can follow it. Each entry gets ipchains DENY/REJECT rules
# in both directions.
# Refuse any connection from problem sites
deny_file="/etc/rc.d/rc.firewall.blocked"
if [ -f "$deny_file" ]; then
    # Pull the leading address (with optional /prefix) off each
    # line; lines that do not start with a digit are skipped.
    # Piping straight into the loop avoids the predictable
    # /tmp filename the original used for its temp file.
    sed -n -e 's|^[[:space:]]*\([0-9][0-9./]*\).*$|\1|p' "$deny_file" \
        | while read ip_addy
    do
        ipchains -A input  -s "$ip_addy" -j DENY
        ipchains -A input  -d "$ip_addy" -j DENY
        ipchains -A output -s "$ip_addy" -j REJECT
        ipchains -A output -d "$ip_addy" -j REJECT
    done
fi
In the rc.firewall.blocked file, you can even go for the broader scope and block out the entire IP range if they're a real pain in the ass, like this:
203.232.240.255/32
63.25.226.255/32
That's all you need to drop into the rc.firewall.blocked file. No need to enter the other stuff (/sbin/ipchains -I input -s 203.232.240.215 -j DENY -l) as that's what the ghouls script does for you. Just start the ghoul script as ./what-ever-you-name-it from the /etc/rc.d/ directory. The ghoul script will protect your machine in both directions (in/out) where the method you mentioned only works for inward bound traffic.
Good luck!
Scott
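Added example, not from Scott's post or anything distributed with the Cobalt products: a stricter loader for the same rc.firewall.blocked format, written in POSIX sh. It installs the same four ipchains rules per entry as the script above (DENY inbound, REJECT outbound, both directions), but validates every entry as an IPv4 address with an optional /0-32 prefix before anything reaches ipchains, reports skipped lines on stderr, and runs in a dry-run mode by default so the generated rules can be reviewed before they are applied. One fact worth keeping in mind when filling the file: a /32 prefix covers exactly one address, so 203.232.240.255/32 blocks a single host, while the whole 203.232.240.x range is written 203.232.240.0/24. The function names (valid_cidr, load_blocklist, add_rules, apply_blocklist), the DRY_RUN variable and the sample list are constructions for this example.

```shell
#!/bin/sh
# Example block-list loader for /etc/rc.d/rc.firewall.blocked (not the
# script from the post). Globbing is never needed here, and turning it
# off keeps the unquoted word splits below safe.
set -f

DRY_RUN=${DRY_RUN:-1}   # 1: only print the rules; DRY_RUN=0 installs them

# valid_cidr ENTRY: succeed if ENTRY is a dotted-quad IPv4 address with
# an optional /0-32 prefix length, fail otherwise. Pure parameter
# expansion, so it works in any POSIX sh.
valid_cidr() {
    case $1 in
        */*) addr=${1%%/*}; mask=${1#*/} ;;
        *)   addr=$1;       mask=32 ;;
    esac
    # prefix length: digits only, at most two of them, value 0..32
    case $mask in ''|*[!0-9]*) return 1 ;; esac
    [ ${#mask} -le 2 ] && [ "$mask" -le 32 ] || return 1
    # address: exactly four dot-separated decimal octets, each 0..255
    rest=$addr; n=0
    while :; do
        octet=${rest%%.*}
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
        [ "$rest" = "$octet" ] && break      # no more dots left
        rest=${rest#*.}
    done
    [ "$n" -eq 4 ]
}

# load_blocklist: read the list on stdin, print one validated entry per
# line on stdout and one "skipped" report per bad entry on stderr.
# '#' starts a comment; only the first word of a line is the entry.
load_blocklist() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        set -- $line
        [ $# -gt 0 ] || continue
        if valid_cidr "$1"; then
            printf '%s\n' "$1"
        else
            printf 'skipped (not an IPv4 address/prefix): %s\n' "$1" >&2
        fi
    done
}

# run CMD...: print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# add_rules ENTRY: the four rules the post's script installs per entry.
add_rules() {
    run ipchains -A input  -s "$1" -j DENY
    run ipchains -A input  -d "$1" -j DENY
    run ipchains -A output -s "$1" -j REJECT
    run ipchains -A output -d "$1" -j REJECT
}

# apply_blocklist: validate the list on stdin and add rules for each entry.
apply_blocklist() {
    load_blocklist | while IFS= read -r ip; do add_rules "$ip"; done
}

# Constructed sample list (not a real block list) with good and bad lines:
# a host, an annotated host, a /24 range, a comment, a blank line, an
# octet out of range, a prefix out of range, and a stray ipchains command.
sample_blocklist() {
    printf '%s\n' \
        '203.232.240.215' \
        '63.25.226.171   # noted 2001-07-25' \
        '203.232.240.0/24' \
        '# comment line' \
        '' \
        '203.232.240.256' \
        '10.0.0.0/33' \
        '/sbin/ipchains -I input -s 1.2.3.4 -j DENY -l'
}

# Usage on the real file (dry run first, then for real):
#   sh ghouls.sh < /etc/rc.d/rc.firewall.blocked
#   DRY_RUN=0 sh ghouls.sh < /etc/rc.d/rc.firewall.blocked
# Run with no redirected input, the script just demonstrates on the sample.
if [ -t 0 ]; then sample_blocklist | apply_blocklist; fi
```

Validating before calling ipchains matters because the tool treats whatever it is handed as a rule argument; a malformed line in the list would otherwise either abort the script part-way (leaving the block list half applied) or install a rule that does not match what the administrator meant. The dry-run default also gives a cheap way to diff the intended rule set against `ipchains -L -n` after boot.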