Richard's Diary

Saturday, December 20, 2008


In Sander's excellent book, he recommends putting together a list of interfaces (public/private), service/protocol, direction (inbound:input/outbound:output). Then it becomes a simple matter of translating it to rules.

For a server, for each service, you'll usually have to configure at least 2 rules, one for each direction. Recommended services are [command/protocol] ping/ICMP, nslookup/UDP, wget/HTTP, SSH. Then one needs to add rules to prevent DoS attacks and add logging.

Next steps:
  1. Make sure iptables is running
    1. Leverage /sbin/SuseFirewall2 to have it run at boot on a brand new machine
    2. "chkconfig iptables on" to start iptables at boot but how long is system exposed before iptables is on?
  2. "iptables -L --verbose" shows current configuration or "iptables-save > tempfile" dumps to configuration file format (confirm format with "service iptables save"
  3. Define rules in that file
  4. Populate rules into service
    1. manually at command line or
    2. with script or
    3. with iptables-restore < /etc/sysconfig/iptables this eliminates need to flush iptables with iptables -F
  5. Then permanently save it with "service iptables save"

Random notes:
  1. service -s lists the current status
  2. chkconfig -l lists the configuration (ie whether something is started at boot or not)
  3. Based on iptables syntax, it seems that command line options are designated with one dash. Then options within that option are designated with two dashes so that the nesting becomes clear.
  4. lsmod shows loaded modules
  5. TCP Handshake: First SEQ is randomly chosen, then sequentially numbered. ACK tells which sequence should be sent next. This is symmetric between initiator and receiver because after initial handshake, it's a "conversation".

© 2010 Picky Ricky, Inc. originalblog