OK, so they just closed it up using ipchains?  If that's it, then I have no
problems, I know my way around ipchains rules..
I thought the security script may have done other stuff to close ports and
stuff.....



gonna have to learn iptables when 8.1 comes out though...


rgds

Frank

-----Original Message-----
From: Michael D. Viron [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 15 September 2001 12:45 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [newbie] Fostering the linux comunity spirit...... and a
question about mandrake security level..and another one on Bind..


>Is there anything available that explains how to open just what I need??
>(ie how to get port 25 open and listening for postfix... ditto with 80 and
>httpd, ditto with bind on 53 (or the high ports) ssh,,, etc, etc, you get
>the idea.
well, this depends on whether you are using iptables or ipchains.  If you
are using ipchains, you can do something like:

'ipchains -A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT'

which allows connections coming from and going anywhere on port 80.  The 80
can very easily be changed to accommodate other ports you need to have open
to anyone.

If you have "trusted" hosts (ie, machines under your direct control), you
can then also do something like:

'ipchains -A input -s 111.11.11.122 -d 0/0 -p all -j ACCEPT'

which will allow any type of connection from that machine (either udp or
tcp) with a destination of anywhere.

>It seems more logical then starting at security level Medium and then
>installing the secure kernel, pmfirewall, portsentry. and trying to harden
>it as much as possible myself,,, if I could start hard and soften to my
>needs, no doubt it would be more secure in the long run. (not that I
>wouldn't do all of the above even if I could do it,, I just think the end
>results would be more secure.
>
>also, if you run a newer bind, and it is using the higher ports, how can you
>open the firewall to allow it if you don't know what ports it's using???  I
>have our bind tied to port 53, and it gets lots of attack attempts
>(thousands) and I'd like to block 53 and open the higher ports... does
>anyone know anything about this??
Well, the easiest way to block the port 53 attacks is to disallow all
connections by default, and then only allow connections depending on need.

For example, my ipchains file (in /etc/sysconfig) has:

-A input -s 111.11.11.111 53 -d 0/0 -p udp -j ACCEPT

which allows connections originating from my nameserver(s) and going
anywhere.  All other connection attempts on port 53 will be blocked (ip
changed for security reasons).

Michael

--
Michael Viron
Registered Linux User #81978
Senior Systems & Administration Consultant
Web Spinners, University of West Florida
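The default-deny policy Michael describes, assembled into one complete ruleset as an added example (this is not code from either poster): ipchains first, then the iptables equivalent Frank will meet in 8.1. The host addresses, the port list, and the rule-generating functions are placeholders and assumptions for illustration, not the thread's real hosts. By default the script only prints the rules; set IPCHAINS=ipchains or IPTABLES=iptables to apply them as root.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the default-deny policy Michael
# describes as a complete ipchains ruleset, then the iptables equivalent for
# Mandrake 8.1. Addresses and ports below are placeholders (assumptions), not
# real hosts; adjust them before use.

TCP_PORTS="${TCP_PORTS:-22 25 80}"               # ssh, postfix, httpd
TRUSTED_HOSTS="${TRUSTED_HOSTS:-111.11.11.122}"  # hosts allowed everything
NAMESERVERS="${NAMESERVERS:-111.11.11.111}"      # DNS peers allowed on udp/53
# Dry run by default: the rules are printed, not applied.  Set IPCHAINS=ipchains
# (or IPTABLES=iptables) to apply them for real, as root.
IPCHAINS="${IPCHAINS:-echo ipchains}"
IPTABLES="${IPTABLES:-echo iptables}"

ipchains_rules() {
    $IPCHAINS -F input
    $IPCHAINS -P input DENY                      # default deny; open only what follows
    $IPCHAINS -A input -i lo -j ACCEPT           # loopback
    for p in $TCP_PORTS; do                      # new connections to listed ports
        $IPCHAINS -A input -s 0/0 -d 0/0 "$p" -p tcp -y -j ACCEPT
    done
    # ipchains has no connection tracking: replies to connections this host
    # opened arrive as non-SYN TCP, so they must be let in explicitly.
    $IPCHAINS -A input -s 0/0 -d 0/0 -p tcp ! -y -j ACCEPT
    for h in $TRUSTED_HOSTS; do                  # trusted hosts: any protocol
        $IPCHAINS -A input -s "$h" -d 0/0 -p all -j ACCEPT
    done
    for ns in $NAMESERVERS; do                   # udp from nameservers, source port 53
        $IPCHAINS -A input -s "$ns" 53 -d 0/0 -p udp -j ACCEPT
    done
    $IPCHAINS -A input -s 0/0 -d 0/0 -l -j DENY  # log everything else, then deny
}

iptables_rules() {
    $IPTABLES -F INPUT
    $IPTABLES -P INPUT DROP
    $IPTABLES -A INPUT -i lo -j ACCEPT
    # Stateful: replies to our own connections are accepted by tracking state,
    # so the "any non-SYN tcp" hole from the ipchains version is not needed.
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in $TCP_PORTS; do
        $IPTABLES -A INPUT -p tcp --syn --dport "$p" -j ACCEPT
    done
    for h in $TRUSTED_HOSTS; do
        $IPTABLES -A INPUT -s "$h" -j ACCEPT
    done
    for ns in $NAMESERVERS; do
        $IPTABLES -A INPUT -p udp -s "$ns" --sport 53 -j ACCEPT
    done
    $IPTABLES -A INPUT -j LOG --log-prefix "INPUT DENY: "
    $IPTABLES -A INPUT -j DROP
}

ipchains_rules
iptables_rules
```

Two things worth noticing when comparing the halves. The ipchains version needs the `-p tcp ! -y` rule because ipchains cannot tell a reply to a connection this host opened from an unsolicited packet; that rule lets in any inbound TCP segment without SYN set, which is the price of default-deny without state. It also answers the "higher ports" question only partly: UDP replies from a nameserver that is not in NAMESERVERS are still dropped, because the only UDP allowed in is from the listed servers' port 53. iptables replaces both workarounds with the single `ESTABLISHED,RELATED` rule, so the listed ports are the only unsolicited traffic that ever gets in.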

