Alexander Kushnirenko <[EMAIL PROTECTED]> writes:

> > I'm actually using the IP firewall code in Linux 2.2.0-pre5 to provide
> > most of the protection to my system. My ipchains rules are as follows
> > (actually saved in /etc/ipchains.save and read by ipchains-restore in
> > /etc/init.d/network).
>
> Interesting, that's quite a new thought to me. I'm not a security expert at
> all of course. Do you have any web references or other relevant documents
> telling the pros and cons of this technique, as opposed to TCP wrapper?
There's the Firewall HOWTO, and the IP Chains HOWTO in /usr/doc/netbase/ipchains-HOWTO.txt.gz.

As a summary:

Pros:

* In the kernel, so it should be faster.
* Affects *everything*, including UDP (like the Network Time Protocol server and Samba name server), and even if the application doesn't use hosts.allow (like X11 and the DNS server).

Cons:

* More complex to configure.
* Harder to tell whether it will work right.

After thinking about it, I've actually changed my rules slightly, so that the _only_ incoming TCP connections permitted are on the ident port (for IRC and FTP servers), and on the ports from 1024 to 4999 from the "ftp-data" port, for FTP servers not in passive mode.

Using the kernel firewalling code I *know* that a bad application won't leave my system open for abuse. I do have to experiment a little with UDP, to see what's necessary to permit Real Audio to work but keep out other packets. I could also block some kinds of ICMP traffic that I'm not interested in.

-- 
Carey Evans  http://home.clear.net.nz/pages/c.evans/

Larry froze. Was the bag a trap? He could see the way in, but the other end appeared to be sealed.
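The "harder to tell whether it will work right" point above is the one a practitioner should take seriously. Carey's actual rule file (/etc/ipchains.save) is not shown in the thread, so the following is an added example, not code from the post: it reconstructs the policy he describes (new TCP connections accepted only to the ident port, 113, and to ports 1024-4999 when they arrive from source port 20, ftp-data; all other connection attempts denied) as an ipchains-style input chain, renders it as `ipchains -A input ...` commands, and evaluates sample packets against it with ipchains' first-match semantics. The rule syntax, the port numbers, the chain default policy and the sample packets are all my assumptions, constructed for illustration.

```python
"""Toy evaluator for an ipchains-style input chain.

Added example, not code from the original post.  It reconstructs the policy
described in the thread and lets you check it against constructed packets
before trusting it on a live box.  Port numbers, ipchains syntax, the ACCEPT
default policy and the sample packets are assumptions made for illustration.
"""
from dataclasses import dataclass
from typing import List, Tuple

IDENT_PORT = 113      # assumed: IANA "ident"/"auth"
FTP_DATA_PORT = 20    # assumed: IANA "ftp-data"
ANY = (0, 65535)      # inclusive port range meaning "unrestricted"


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False   # True for a TCP connection attempt (SYN set, ACK/FIN clear)


@dataclass(frozen=True)
class Rule:
    target: str                      # ipchains targets: "ACCEPT" or "DENY"
    proto: str = "any"
    sport: Tuple[int, int] = ANY     # inclusive source-port range
    dport: Tuple[int, int] = ANY     # inclusive destination-port range
    syn_only: bool = False           # ipchains -y: match only SYN packets

    def matches(self, p: Packet) -> bool:
        if self.proto != "any" and self.proto != p.proto:
            return False
        if self.syn_only and not (p.proto == "tcp" and p.syn):
            return False
        return (self.sport[0] <= p.sport <= self.sport[1]
                and self.dport[0] <= p.dport <= self.dport[1])

    def as_ipchains(self) -> str:
        """Render as an 'ipchains -A input ...' command (assumed syntax)."""
        parts = ["ipchains", "-A", "input"]
        if self.proto != "any":
            parts += ["-p", self.proto]
        if self.sport != ANY:
            parts += ["-s", "0.0.0.0/0", _port_spec(self.sport)]
        if self.dport != ANY:
            parts += ["-d", "0.0.0.0/0", _port_spec(self.dport)]
        if self.syn_only:
            parts.append("-y")
        parts += ["-j", self.target]
        return " ".join(parts)


def _port_spec(r: Tuple[int, int]) -> str:
    return str(r[0]) if r[0] == r[1] else f"{r[0]}:{r[1]}"


# Reconstruction of the described policy: accept new TCP connections only to
# ident, and to 1024-4999 when they come from ftp-data (active-mode FTP);
# deny every other connection attempt.  Non-SYN TCP (traffic belonging to the
# host's own outbound connections) and UDP/ICMP fall through to the policy.
INPUT_CHAIN: List[Rule] = [
    Rule("ACCEPT", "tcp", dport=(IDENT_PORT, IDENT_PORT), syn_only=True),
    Rule("ACCEPT", "tcp", sport=(FTP_DATA_PORT, FTP_DATA_PORT),
         dport=(1024, 4999), syn_only=True),
    Rule("DENY", "tcp", syn_only=True),
]
INPUT_POLICY = "ACCEPT"   # assumed: ipchains -P input ACCEPT


def evaluate(chain: List[Rule], policy: str, p: Packet) -> str:
    """First matching rule wins, as in ipchains; otherwise the chain policy."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy


def verdict(p: Packet) -> str:
    return evaluate(INPUT_CHAIN, INPUT_POLICY, p)


def render_chain() -> List[str]:
    """The reconstructed chain as the commands an ipchains-restore file would hold."""
    return [f"ipchains -P input {INPUT_POLICY}"] + [r.as_ipchains() for r in INPUT_CHAIN]


if __name__ == "__main__":
    print("\n".join(render_chain()))
    samples = {  # constructed packets
        "ident lookup from an IRC server": Packet("tcp", 40000, IDENT_PORT, syn=True),
        "active-mode FTP data connection": Packet("tcp", FTP_DATA_PORT, 2001, syn=True),
        "source port 20 but out-of-range dest": Packet("tcp", FTP_DATA_PORT, 5000, syn=True),
        "connection to a daemon that ignores hosts.allow": Packet("tcp", 40000, 8080, syn=True),
        "reply to our own outbound web request": Packet("tcp", 80, 33000),
        "UDP NTP reply": Packet("udp", 123, 123),
    }
    for label, pkt in samples.items():
        print(f"{verdict(pkt):7} {label}")
```

Running it shows the property Carey wants: a SYN to port 8080 is denied regardless of what happens to be listening there, while established TCP traffic and UDP pass under the default policy. It also makes the caveat of the active-FTP rule visible: anyone who binds their own source port to 20 can reach whatever listens on 1024-4999, so that range should hold nothing you would not expose directly, and the UDP side still needs the per-service rules the post says are yet to be worked out.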