[cobalt-security] Calling all IPChain Gurus
- Subject: [cobalt-security] Calling all IPChain Gurus
- From: "Domain Guy" <domain_dump@xxxxxxxxxxx>
- Date: Thu, 27 Sep 2001 17:17:03 +0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Pardon the obviously wanker address, but I wish to keep the current state of
our site's security (or lack thereof) less than well known.
--
After scouring dozens of helpful posts and resources I am finally beginning
to get a bit of a handle on IPChains. Which is to say that I am still fairly
lost ;)
So far, I am using the rules generated via the firewall configurator found
at:
http://www.linux-firewall-tools.com/linux/firewall/index.html
I am still uncertain if the rules that are set are appropriate. I am
looking for a set of IPChain commands that I can run via a shell script that
will reject (with logging?) everything, with the exception of the following:
- allow FTP access *to* the machine but only from a privileged IP
- allow FTP access *from* the machine (to get files etc.)
- allow mail to get to the machine (this box will run sendmail with POP
clients accessing it)
- allow mail to get out (not only will the webserver send mail, but so will
POP clients)
- allow SSH access (to and from the machine)
- allow DNS to operate (this box is a web server that will also act as its
primary dns, at least to start)
- allow web in, including SSL access and also admin access (port 81)
- allow web out (command line lynx, wget etc.)
Basically your standard web server/small time web host setup.
Any input would be extremely helpful, and would go towards a
mini-cobalt-as-webserver/webhost-ipchains FAQ that I will eventually
compile... if this doesn't first drive me batty instead.
Best regards,
Gordon
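
Added example, not part of the original post or any list reply: a shell script that prints (without running) an ipchains input-chain ruleset for the access list above, so the commands can be reviewed before being piped to a root shell. The interface name, both addresses, the passive-only choice for outbound FTP, and leaving the output chain at its default are assumptions.

```shell
#!/bin/sh
# Added example: prints ipchains commands for the input chain; nothing is executed.
# Assumed placeholders (not from the post): eth0, 192.0.2.10 = this server,
# 198.51.100.7 = the one host allowed to FTP in.
IF="eth0"; IP="192.0.2.10"; FTP_ADMIN="198.51.100.7"
ANY="0/0"; HI="1024:65535"

rule() { echo "ipchains -A input -i $IF $*"; }

build_rules() {
    echo "ipchains -F input"
    echo "ipchains -P input DENY"            # fail-closed; a policy cannot log
    echo "ipchains -A input -i lo -j ACCEPT" # local traffic
    # FTP in: control (21), active-data replies (20), passive data (high ports),
    # all limited to the one trusted address.
    rule -p tcp -s "$FTP_ADMIN" -d "$IP" 20:21 -j ACCEPT
    rule -p tcp -s "$FTP_ADMIN" -d "$IP" "$HI" -j ACCEPT
    # Public services: SSH, SMTP, DNS, HTTP, admin UI, POP3, HTTPS.
    for port in 22 25 53 80 81 110 443; do
        rule -p tcp -s "$ANY" -d "$IP" "$port" -j ACCEPT
    done
    rule -p udp -s "$ANY" -d "$IP" 53 -j ACCEPT
    # ipchains keeps no connection state, so replies to connections this host
    # opens are matched as non-SYN TCP (! -y) coming back from the server port.
    for port in 21 22 25 53 80 443; do
        rule -p tcp ! -y -s "$ANY" "$port" -d "$IP" "$HI" -j ACCEPT
    done
    rule -p udp -s "$ANY" 53 -d "$IP" "$HI" -j ACCEPT   # answers to our DNS lookups
    # Passive-mode FTP data for outbound transfers: high port to high port,
    # non-SYN only. This is the loosest rule here; a stateless filter cannot
    # tie it to a real FTP session.
    rule -p tcp ! -y -s "$ANY" "$HI" -d "$IP" "$HI" -j ACCEPT
    # Everything else: reject and log.
    rule -l -j REJECT
}

build_rules
```

ICMP is not in the post's list, so it falls through to the final logged REJECT along with everything else.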