Hi Judith,

rather than comment on the command stuff that the other responses are
focusing on, I will try to help you out in my meagre way...

first, what type of connection do you have? cable, ppp (dialup), ADSL... all
can require different answers..

The problem is that I do everything with IPCHAINS, and because you have
IPtables, it is different and not compatible, although the syntax is
similar.

This is an IPchain rule to open a port..

/sbin/ipchains -A input -p tcp -s 0/0 -d 123.123.123.245/255.255.255.255 80 -j ACCEPT

That basically means allow all tcp connections from 0/0 (anywhere) to
123.123.123.245/255.255.255.255 (your ip and subnet)

on port 80, so that means with this ipchains rule, it will open port 80...


if you change the -j (which basically means "jumpto" and is essentially what
you want to do with the packet)...

so change it to DENY and you have locked that port.. and if you put a -l
after it, it will log it also..

/sbin/ipchains -A input -p tcp -s 0/0 -d 123.123.123.245/255.255.255.255 80 -j DENY -l

brief breakdown...

-A means append a new rule...
-p means what protocol, in the above example it's tcp
-s means source, where the packet came from (so 0/0 means it doesn't
matter where it came from)
-d means destination, where the packet was heading to (hence specifying
your IP)
-j is the target, or what to do with the packet... (hence DENY, ACCEPT,
REJECT.. etc..)
-l log the packets...

Then you would add this rule to the bottom of your rc.local file, or
wherever your other firewall scripts put them..

so in your case, assuming you had ipchains and not iptables (IPTABLES is
newer and in some ways better (i.e. simpler) to use)

you could add the rules as follows...
/sbin/ipchains -A input -p tcp -s 0/0 -d 123.123.123.245/255.255.255.255 631 -j DENY -l
/sbin/ipchains -A input -p tcp -s 0/0 -d 123.123.123.245/255.255.255.255 6000 -j DENY -l

so now, all you have to do is convert them to IPTABLES and add them to your
rules and you are set...

I might add that ipchains and iptables are kernel filtering, they are much
better than the windows variants, and that is why they are a little more
daunting at first. I ran bastille ages ago, and had the same problem, back
then I didn't know whether or not to have stuff open or closed...
That's why I liked pmfirewall back then, it asks you questions and writes the
rules based on your suggestions... and it suggests stuff like closing
6000...

anyway, I apologise for not being able to be more specific to your problems,
but there are a few sites out there that can tell you how to convert
IPCHAINS to IPTABLES, and if you find one of them, you should be fine...

(or you can set your box up to use ipchains instead, but that's more hassle
than converting to iptables.)


regards

Frank
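
The ipchains-to-iptables conversion mentioned above, as an added example that is not part of the original message: a small shell function that rewrites simple input-chain rules like the ones in this message and only prints the result. The function name and the /sbin/iptables path are assumptions; the differences it applies are that built-in chain names are upper case, a port after an address becomes --sport or --dport, DENY becomes DROP, and -l becomes a separate LOG rule.

```shell
#!/bin/sh
# Added example (hypothetical helper): translate one simple ipchains filter
# rule into iptables syntax. It prints commands and never touches the firewall.
ipchains_to_iptables() {
    set -f; set -- $1; set +f      # split the rule into words, no globbing
    shift                          # drop the ipchains binary path
    rule="" target="" log=0 port_opt=""
    while [ $# -gt 0 ]; do
        word=$1; shift
        case "$word" in
            -A|-I|-D)              # built-in chains are upper case in iptables
                rule="$word $(printf '%s' "$1" | tr 'a-z' 'A-Z')"; shift ;;
            -s) rule="$rule -s $1"; shift; port_opt="--sport"; continue ;;
            -d) rule="$rule -d $1"; shift; port_opt="--dport"; continue ;;
            -l) log=1 ;;           # no -l flag in iptables: use a LOG rule
            -j) if [ "$1" = "DENY" ]; then target=DROP; else target=$1; fi
                shift ;;
            -*) rule="$rule $word" ;;
            *)  # a bare word straight after an address is a port (or range)
                if [ -n "$port_opt" ]; then
                    rule="$rule $port_opt $word"
                else
                    rule="$rule $word"
                fi ;;
        esac
        port_opt=""
    done
    # LOG does not end rule traversal, so it must come before the verdict rule
    if [ "$log" -eq 1 ]; then
        printf '/sbin/iptables %s -j LOG\n' "$rule"
    fi
    printf '/sbin/iptables %s -j %s\n' "$rule" "$target"
}

# The two rules from the message (123.123.123.245 is the message's sample IP)
ipchains_to_iptables "/sbin/ipchains -A input -p tcp -s 0/0 -d 123.123.123.245/255.255.255.255 631 -j DENY -l"
ipchains_to_iptables "/sbin/ipchains -A input -p tcp -s 0/0 -d 123.123.123.245/255.255.255.255 6000 -j DENY -l"
```

After applying the printed rules as root, `iptables -L INPUT -n -v` lists them with packet counters, and a repeat of the external port scan should no longer show 631 or 6000.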








-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Judith Miner
Sent: Wednesday, 4 July 2001 9:58 AM
To: [EMAIL PROTECTED]
Subject: [newbie] Internet Security


First of all, thanks to everyone who shared their opinions on working as
root. I've printed out a bunch of messages and will be digesting them as
time allows. For those who wondered why I need to be root so often, it's
because I'm still very much involved in getting the system set up,
installing programs, etc., and it seems I have to be root in order to do
a lot of what needs to be done. Once the system is complete and has a
chance to settle, I can handle working as user. But for now, it is very
inconvenient.

My priorities now are first, to firm up my Internet security; second, to
get my Type 1 fonts working and available to applications; third, to
figure out what's going on with the printers.

Today I worked on Internet security. I tried some of the things
suggested and frankly, I don't have a clue. I don't understand the
directions, I can't find some of the things suggested, I can't deal with
scripts, I don't have six months to take a course.<g> I read the How
To's on network security and firewalls and they descended into geekspeak
much too fast and far too deeply and I was lost.

Remember, I'm your test case--the Windows user who wants to say good-bye
to Microsoft but does not want to and will not become a command
line/console sort of gal. Mandrake 8 claims to have me in mind.<g>

Since I was stumped by the console approach, here's what I did in
desperation to get my ports closed on the Internet. I ran draksec as
root from a command line and when it came up, I set my security to
Medium. I also ran BastilleChooser and picked the Medium level, no
server option. Then I went on the Web and back to grc.com and
sdesign.com to test my ports. At grc.com all my ports were closed, which
was an improvement from when I tested before and my SMTP port was
reported open. I turned off some startup process or whatever it's called
that had something to do with mail transport. So okay, some progress. At
sdesign.com I had fewer ports open than I did before, but I'm still
seeing open ports at 631 (tcp) and 6000 (tcp X11).

I got the same results whether I went online as root or as user.

How can I get those ports closed? Clear directions much appreciated! If
you tell me exactly where to look and what to edit, I can do it, but I
can't figure it out on my own.

I tried to run the interactive Bastille but I didn't understand the
options and the explanations were much too sketchy. I don't like to make
decisions like that when I don't understand what I'm doing. So I ran
BastilleChooser instead and figure it's better than nothing. Why isn't
Bastille on medium security closing all my ports?

Thanks very much for any help you can give.
 --Judy Miner


