Re: [cobalt-security] Calling all IPChain Gurus



You can also look into PMFirewall.  It's an excellent, extremely easy-to-use
IPChains configuration tool.

----- Original Message -----
From: "Lawrence Frewin of Accommodation.com" <Lawrence@xxxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Thursday, September 27, 2001 11:24 AM
Subject: Re: [cobalt-security] Calling all IPChain Gurus


> Check out the following thread on the UK2 egroups message board:
>
> http://groups.yahoo.com/group/raq/message/9531
>
> The firewall-on script does a reasonable job of setting up IPchains for
> basic usage.
>
> There have been some recent changes to the recommended setup, try searching
> the message board for firewall-on.
>
> Regards
>
> Lawrence
>
> ----- Original Message -----
> From: "Domain Guy" <domain_dump@xxxxxxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Sent: Thursday, September 27, 2001 6:17 PM
> Subject: [cobalt-security] Calling all IPChain Gurus
>
>
> > Pardon the obviously wanker address, but I wish to keep the current state of
> > our site's security (or lack thereof) less than well known.
> >
> > --
> >
> > After scouring dozens of helpful posts and resources I am finally beginning
> > to get a bit of a handle on IPChains.  Which is to say that I am still fairly
> > lost ;)
> >
> > So far, I am using the rules generated via the firewall configurator found
> > at:
> >
> > http://www.linux-firewall-tools.com/linux/firewall/index.html
> >
> > I am still uncertain if the rules that are set are appropriate.  I am
> > looking for a set of IPChain commands that I can run via a shell script that
> > will reject (with logging?) everything, with the exception of the following:
> >
> >
> > - allow FTP access *to* the machine but only from a privileged IP
> >
> > - allow FTP access *from* the machine (to get files etc.)
> >
> > - allow mail to get to the machine (this box will run sendmail with POP
> > clients accessing it)
> >
> > - allow mail to get out (not only will the webserver send mail, but so will
> > POP clients)
> >
> > - allow SSH access (to and from the machine)
> >
> > - allow DNS to operate (this box is a web server that will also act as its
> > primary dns, at least to start)
> >
> > - allow web in, including SSL access and also admin access (port 81)
> >
> > - allow web out (command line lynx, wget etc.)
> >
> >
> > Basically your standard web server/small time web host setup.
> >
> > Any input would be extremely helpful, and would go towards a
> > mini-cobalt-as-webserver/webhost-ipchains FAQ that I will eventually
> > compile... if this doesn't first drive me batty instead.
> >
> > Best regards,
> > Gordon
> >
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
>
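
An input-chain ruleset for the requirement list in the original question, as an added example that is not part of this thread and is not the firewall-on or PMFirewall script. It prints the ipchains commands for review instead of running them; the interface name and addresses are constructed placeholders, the output chain is assumed to stay at ACCEPT, and outbound FTP is assumed to use passive mode.

```shell
#!/bin/sh
# Added example: prints (does not execute) ipchains commands for the input chain.
# Arguments: interface, server address, privileged FTP client address.
gen_rules() {
    ifc=$1; ip=$2; ftp_admin=$3
    add="ipchains -A input -i $ifc"
    echo "ipchains -F input"
    echo "ipchains -P input DENY"
    echo "ipchains -A input -i lo -j ACCEPT"
    # Services open to everyone: SSH, SMTP, DNS (TCP), HTTP, admin UI, POP3, HTTPS
    for port in 22 25 53 80 81 110 443; do
        echo "$add -p tcp -d $ip $port -j ACCEPT"
    done
    echo "$add -p udp -d $ip 53 -j ACCEPT"
    # FTP to the machine, privileged address only: control channel,
    # active-mode data replies to our port 20, passive-mode data connections.
    echo "$add -p tcp -s $ftp_admin -d $ip 21 -j ACCEPT"
    echo "$add -p tcp ! -y -s $ftp_admin -d $ip 20 -j ACCEPT"
    echo "$add -p tcp -s $ftp_admin -d $ip 1024:65535 -j ACCEPT"
    # Replies to connections this host opened (SSH, mail, web, FTP out).
    # ipchains is stateless: "! -y" only means "not a connection-opening SYN",
    # so any non-SYN segment aimed at a high port passes this rule.
    echo "$add -p tcp ! -y -d $ip 1024:65535 -j ACCEPT"
    # Answers to our own DNS lookups. Source port 53 is all that is checked,
    # so a sender can choose it; this is a known limit of stateless filtering.
    echo "$add -p udp -s 0/0 53 -d $ip -j ACCEPT"
    # Not in the requirement list: keeps path-MTU discovery working.
    echo "$add -p icmp --icmp-type destination-unreachable -j ACCEPT"
    # Everything else: reject and log (-l), as asked for in the question.
    echo "ipchains -A input -j REJECT -l"
}

# Constructed sample values (documentation address ranges).
gen_rules eth0 192.0.2.10 198.51.100.7
```

Rule order matters because the first match wins: the final REJECT rule must stay last, and the privileged-address FTP rules must come before it.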