Re: [cobalt-security] Basic IPTables rules for RaQ550
- Subject: Re: [cobalt-security] Basic IPTables rules for RaQ550
- From: Eric Frisch <ericf@xxxxxxxxxxx>
- Date: 03 Mar 2003 09:10:32 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Sun, 2003-03-02 at 15:25, Michelle A. Hoyle wrote:
> I'd worked myself up a nice set of ipchains rules for the RaQ4 over
> the years that disallowed various kinds of services I wasn't running
> (stupid ASP server for one), but I'm having trouble coming up with a
> similar set for IPTables. There doesn't seem to be as much good
> documentation how-to's for IPTables as for ipchains. Does someone
> have a basic set of IPTable rules they'd be willing to share for a
> RaQ550?
>
Why not use gShield? The default policy is to drop everything except maybe
ident. You just enable the services you need using a very well
documented set of configuration files. You can add the odd custom rule
yourself as well. The only place I have had trouble is that the default
policy is to log the drop events for hosts you place in the blacklist;
dropping hundreds of packets a second from a rogue site will overwhelm
the RaQ with logging activity. You can do an sh -x on the gShield rc
file to see all the rules generated if you want to sanity check the
thing.
http://muse.linuxmafia.org/gshield.html
Eric
> Thanks!
>
> Michelle
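The default-drop policy and the blacklist logging problem described in the reply above, as an added example that is not part of the original message and is not gShield's generated output. The function name gen_rules, the chain name BLACKLIST, the 5/min log rate and the sample addresses are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not gShield output. Emits an iptables-restore ruleset:
# default-drop INPUT, listed TCP services open, blacklist drops logged
# through the limit match so a flood cannot swamp syslog.
# usage: gen_rules "<tcp ports>" "<blacklisted sources>" [log rate]
gen_rules() {
    ports=$1
    blacklist=$2
    rate=${3:-5/min}            # assumed default log rate

    # Validate every port before printing, so a bad value never
    # yields a half-written ruleset.
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':BLACKLIST - [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Blacklist is checked before the ESTABLISHED rule (a choice made
    # here) so a listed host cannot ride an existing connection.
    for src in $blacklist; do
        echo "-A INPUT -s $src -j BLACKLIST"
    done
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for p in $ports; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Only packets within the rate reach LOG; all of them reach DROP.
    echo "-A BLACKLIST -m limit --limit $rate --limit-burst 10 -j LOG --log-prefix \"BLACKLIST: \""
    echo '-A BLACKLIST -j DROP'
    echo 'COMMIT'
}

# Constructed sample input: documentation-range addresses.
gen_rules "22 80 443" "192.0.2.10 198.51.100.0/24"
```

Piping the output through iptables-restore --test parses the ruleset without loading it.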