
Re: [cobalt-security] Calling all IPChain Gurus



Check out the following thread on the UK2 egroups message board:

http://groups.yahoo.com/group/raq/message/9531

The firewall-on script does a reasonable job of setting up IPchains for
basic usage.

There have been some recent changes to the recommended setup; try searching
the message board for firewall-on.

Regards

Lawrence





----- Original Message -----
From: "Domain Guy" <domain_dump@xxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Thursday, September 27, 2001 6:17 PM
Subject: [cobalt-security] Calling all IPChain Gurus


> Pardon the obviously wanker address, but I wish to keep the current state
> of our site's security (or lack thereof) less than well known.
>
> --
>
> After scouring dozens of helpful posts and resources I am finally
> beginning to get a bit of a handle on IPChains.  Which is to say that I am
> still fairly lost ;)
>
> So far, I am using the rules generated via the firewall configurator found
> at:
>
> http://www.linux-firewall-tools.com/linux/firewall/index.html
>
> I am still uncertain if the rules that are set are appropriate.  I am
> looking for a set of IPChain commands that I can run via a shell script
> that will reject (with logging?) everything, with the exception of the
> following:
>
>
> - allow FTP access *to* the machine but only from a privileged IP
>
> - allow FTP access *from* the machine (to get files etc.)
>
> - allow mail to get to the machine (this box will run sendmail with POP
> clients accessing it)
>
> - allow mail to get out (not only will the webserver send mail, but so
> will POP clients)
>
> - allow SSH access (to and from the machine)
>
> - allow DNS to operate (this box is a web server that will also act as its
> primary dns, at least to start)
>
> - allow web in, including SSL access and also admin access (port 81)
>
> - allow web out (command line lynx, wget etc.)
>
>
> Basically your standard web server/small time web host setup.
>
> Any input would be extremely helpful, and would go towards a
> mini-cobalt-as-webserver/webhost-ipchains FAQ that I will eventually
> compile... if this doesn't first drive me batty instead.
>
> Best regards,
> Gordon
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
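
The policy listed in the quoted message, sketched as an added example; it is not part of either post and is not the firewall-on script. It filters the input chain only and leaves the output chain at its default, and the interface name, the addresses and the helper names `r` and `gen_rules` are assumptions.

```shell
#!/bin/sh
# Added example; every address below is constructed (documentation ranges).
IF=eth0              # assumed external interface
SRV=192.0.2.10       # assumed address of the web/mail/DNS box
ADMIN=198.51.100.7   # assumed "privileged IP" allowed to FTP in
ANY=0.0.0.0/0
HI=1024:65535        # unprivileged ports used by clients

# Print one ACCEPT rule for the input chain on the external interface.
r() { echo "ipchains -A input -i $IF $* -j ACCEPT"; }

gen_rules() {
  echo "ipchains -F input"
  echo "ipchains -P input DENY"
  echo "ipchains -A input -i lo -j ACCEPT"
  # Public TCP services: SSH, SMTP, DNS, web, admin (81), POP3, SSL.
  for port in 22 25 53 80 81 110 443; do
    r -p tcp -s $ANY $HI -d $SRV $port
  done
  # DNS over UDP: queries to this server, answers to its own lookups.
  r -p udp -s $ANY -d $SRV 53
  r -p udp -s $ANY 53 -d $SRV $HI
  # FTP in, privileged client only: control channel, ACKs for active-mode
  # data (sent from port 20), and passive-mode data connections.
  r -p tcp -s $ADMIN $HI -d $SRV 21
  r -p tcp ! -y -s $ADMIN $HI -d $SRV 20
  r -p tcp -s $ADMIN $HI -d $SRV $HI
  # Replies to connections this box opens (FTP, mail, SSH, web out).
  # ipchains is stateless: "! -y" (not a bare SYN) stands in for "established".
  r -p tcp ! -y -s $ANY -d $SRV $HI
  # ICMP errors needed by the connections above.
  r -p icmp -s $ANY destination-unreachable -d $SRV
  # Everything else: refuse and log (-l writes to the kernel log).
  echo "ipchains -A input -j REJECT -l"
}

gen_rules
```

The script only prints the commands, so the rule set can be reviewed before it is piped to `sh` as root. Under these rules outbound FTP works in passive mode only, because active-mode data connections arrive as new inbound SYNs.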