[cobalt-security] RE: Ipchains rule set
- Subject: [cobalt-security] RE: Ipchains rule set
- From: "Jon" <jjma@xxxxxxxxxxxxxx>
- Date: Mon, 14 Apr 2003 10:11:32 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hello,
> Playing around with ipchains (thanks for the pkg bruce !! ;-)) now. And I
> am wondering if someone who has a successful rule set configured is willing
> to share it.
> Any tips, pointers and hints are welcome also.
I have always found this link very useful and I use the pmfirewall +
pmfirewall ruleset on my server. It's an easy configuration and helpful:
http://linux.cvf.net/
Best of luck and remember to work in test mode before committing to the
ruleset, i.e. in your pmfirewall setup:
## Set default policy
$IPCHAINS -A output -j ACCEPT
$IPCHAINS -A input -j DENY -l
#========== start patch ===============
# Test mode: disable the firewall again after $TTF seconds.
TTF=300 # Number of seconds the firewall runs for (0 = forever).
if test "$TTF" -gt 0
then
    echo "Firewall rules running for $TTF seconds"
    # Background subshell: stop the firewall once the timer expires.
    (sleep "$TTF";
     /etc/rc.d/init.d/pmfirewall stop \
    ) &
else
    echo "Firewall rules running for ever"
fi
#=========== end patch ===============
echo " Done!"
regards
Jon
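
The timed test mode from the message above, extended with a confirm step that cancels the pending stop once you have verified you can still reach the server. This is an added example, not part of the original post or of pmfirewall; the function names and the PIDFILE path are assumptions, and STOP_CMD defaults to the stop command quoted in the message.

```shell
#!/bin/sh
# Added example: firewall "test mode" with automatic rollback and confirmation.
# STOP_CMD is the command that removes the rules (taken from the post above).
# PIDFILE is an assumed location for tracking the pending rollback timer.
STOP_CMD=${STOP_CMD:-"/etc/rc.d/init.d/pmfirewall stop"}
PIDFILE=${PIDFILE:-/var/run/fw-testmode.pid}

# arm_rollback SECONDS: run STOP_CMD after SECONDS; 0 means keep rules forever.
arm_rollback() {
    ttf=$1
    case $ttf in
        ''|*[!0-9]*) echo "TTF must be a non-negative integer" >&2; return 2 ;;
    esac
    if [ "$ttf" -eq 0 ]; then
        echo "Firewall rules running for ever"
        return 0
    fi
    # Refuse to stack a second timer on top of a live one.
    if [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null; then
        echo "rollback already armed" >&2
        return 1
    fi
    # Detached subshell: wait, clear the marker, then drop the rules.
    ( sleep "$ttf"; rm -f "$PIDFILE"; $STOP_CMD ) >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
    echo "Firewall rules running for $ttf seconds unless confirmed"
}

# confirm_rules: cancel the pending rollback so the rules stay in place.
# Run this from a NEW login session, which proves the rules still let you in.
confirm_rules() {
    if [ ! -f "$PIDFILE" ]; then
        echo "no rollback pending" >&2
        return 1
    fi
    pid=$(cat "$PIDFILE")
    # Killing the waiting subshell means STOP_CMD is never reached.
    kill "$pid" 2>/dev/null || true
    rm -f "$PIDFILE"
    echo "Rules confirmed; rollback cancelled"
}
```

Call `arm_rollback 300` at the end of the start section of the firewall script, then run `confirm_rules` only from a fresh connection made after the rules were loaded.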