Re: [gentoo-amd64] firewall
On 23 Dec 2005, at 14:00, Gavin Seddon wrote:
> Hi,
> I too have such a script that blocks IPs after 5 'opportunist' attempts.
> See below. How do I rc-update this to default?
> Cheers.

I'd dump the current rules to a file (something like /var/lib/iptables/rules) then have that read in from /etc/conf.d/local.start. You can also have a script in /etc/conf.d/local.stop which will save the rules to a file. The advantage of this approach is that if you change rules on-the-fly the firewall rules will be preserved across restarts.

If you want to have the firewall start as a separate process to local then try copying an existing init script and modifying it.

Yours,
Craig
-- 
Craig Webster | t: +44 (0)131 516 8595 | e: [EMAIL PROTECTED]
Xeriom.NET    | f: +44 (0)709 287 1902 | w: http://xeriom.net
-- 
gentoo-amd64@gentoo.org mailing list
Re: [gentoo-amd64] firewall
Hi,
I too have such a script that blocks IPs after 5 'opportunist' attempts. See below. How do I rc-update this to default?
Cheers.

#!/bin/sh
# Start fresh: flush every rule, then delete the user-defined chains so the
# script can be re-run (iptables -N fails if the chain already exists)
iptables -F
iptables -X

# Deal with SSH connections.
iptables -N sshchain
iptables -N sshscan

# Do the block
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j sshchain
# every new connection adds a timestamp for its source to the 'sshattempts' list
iptables -A sshchain -m conntrack --ctstate NEW -m recent --name sshattempts --set
# 10 or more new connections from one source within 60 seconds -> sshscan
iptables -A sshchain -m recent --rcheck --seconds 60 --hitcount 10 --name sshattempts --rsource -j sshscan

# log when it happens (the --name must match the list above; without it the
# check runs against the unnamed DEFAULT list, which is never populated, and
# nothing is ever logged)
iptables -A sshscan -m recent --rcheck --hitcount 3 --seconds 600 --name sshattempts --rsource -j LOG --log-prefix "SSH too many: "
iptables -A sshscan -j DROP

## ps MERRY CHRISTMAS ~

On Fri, 2005-12-23 at 05:26 -0600, Justin Krejci wrote:
> Firestarter to me was like using a ZoneAlarm type of windows firewall
> program. It was very super easy to configure but not very flexible. I could
> not figure out how to specify UDP vs TCP on rules. This seemed like a great
> program for your average run of the mill home/desktop user.
>
> For a GUI I settled on Kmyfirewall as it was extraordinarily easy to
> configure and use once I learned the basics of how iptables worked. I also
> wrote a perl script to automatically block IP addresses of hosts that do
> brute force SSH attempts. The IP addresses are automatically unblocked after
> 1 day. Every time a change is made it sends out an email. This has really
> helped to keep my log files cleaner instead of seeing 500 failed login
> attempts in a 3 hour span from one IP address, then multiply that by 1-5 IP
> addresses per day.
>
> Note Kmyfirewall is very nice but is still considered beta, and it shows,
> but it is not broken in any way that I can tell; just the interface has a
> couple of small bugs AFAICT.
>
> On Thursday 22 December 2005 05:17 am, Gavin Seddon wrote:
> > It's alright for some. I eat lunch with a couple of dogs (canine).
> > Gavin
> >
> > On Wed, 2005-12-21 at 09:01 -0800, Steve Herber wrote:
> > > I would recommend you use Shorewall for an easy way to configure and
> > > manage your iptables based linux firewall. The documentation is
> > > excellent. Plus, I like to have lunch with the author.
> > >
> > > shorewall.net
> > >
> > > On Wed, 21 Dec 2005, Gavin Seddon wrote:
> > > > Hi,
> > > > I have merged iptables. Will they start at boot and is there a link
> > > > for configuring on Gentoo?
> > > > Thanks.
-- 
Dr Gavin Seddon
School of Pharmacy and Pharmaceutical Sciences
University of Manchester
Oxford Road, Manchester
M13 9PL, U.K.
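To see what the sshchain/sshscan rules in the message above actually do, here is an added example (not code from the thread, nor from the iptables project): a small Python emulation of the documented xt_recent semantics (--set appends a timestamp to a per-source ring buffer of 20 stamps; --rcheck --seconds S --hitcount N matches when at least N stamps fall inside the last S seconds and does not update the entry), replaying constructed traffic through the rules in the posted order. The source addresses, the timings and the RecentList/SshFilter names are assumptions made for the demonstration. It shows that the threshold the script enforces is 10 new connections in 60 seconds rather than 5, that once tripped the DROP also hits packets of that source's already established sessions, that the block lifts about 60 seconds after the burst because --rcheck never refreshes the entry, and that a LOG rule without --name consults the unnamed DEFAULT list (as the original posting did) and therefore never fires.

```python
"""Offline emulation of the '-m recent' rate limit in the posted sshchain rules.

Added example, not code from the original thread or from iptables.  The
semantics follow the xt_recent man page: --set appends a timestamp to a
per-address ring buffer (20 entries by default), --rcheck --seconds S
--hitcount N matches when at least N stamps are newer than now-S and leaves
the entry untouched.  Addresses, timings and class names are assumptions.
"""
from collections import deque

IP_PKT_LIST_TOT = 20  # xt_recent default: timestamps remembered per address


class RecentList:
    """One named xt_recent list (what --name selects; 'DEFAULT' if omitted)."""

    def __init__(self):
        self.entries = {}  # source address -> deque of timestamps

    def set(self, src, now):
        # --set: create the entry or append another timestamp to it
        self.entries.setdefault(src, deque(maxlen=IP_PKT_LIST_TOT)).append(now)

    def rcheck(self, src, now, seconds=None, hitcount=None):
        # --rcheck: read-only test; count the stamps not older than now-seconds
        stamps = self.entries.get(src)
        if stamps is None:
            return False
        recent = [t for t in stamps if seconds is None or t >= now - seconds]
        return len(recent) >= (hitcount or 1)


class SshFilter:
    """The posted INPUT -> sshchain -> sshscan rules, evaluated in rule order."""

    def __init__(self, log_list="DEFAULT"):
        self.lists = {"sshattempts": RecentList(), "DEFAULT": RecentList()}
        self.log_list = log_list  # the LOG rule as posted names no list -> DEFAULT
        self.log = []

    def packet(self, src, now, new):
        """Verdict for one TCP/22 packet; RETURN means the INPUT policy (ACCEPT) applies."""
        # -A sshchain -m conntrack --ctstate NEW -m recent --name sshattempts --set
        if new:
            self.lists["sshattempts"].set(src, now)
        # -A sshchain -m recent --rcheck --seconds 60 --hitcount 10 --name sshattempts -j sshscan
        if self.lists["sshattempts"].rcheck(src, now, seconds=60, hitcount=10):
            return self.sshscan(src, now)
        return "RETURN"

    def sshscan(self, src, now):
        # -A sshscan -m recent --rcheck --hitcount 3 --seconds 600 -j LOG ...
        if self.lists[self.log_list].rcheck(src, now, seconds=600, hitcount=3):
            self.log.append(f"SSH too many: SRC={src} t={now}")
        # -A sshscan -j DROP
        return "DROP"


def simulate(log_list="DEFAULT"):
    """Replay constructed traffic and report the verdict each packet class received."""
    fw = SshFilter(log_list)
    attacker, admin = "198.51.100.7", "203.0.113.2"  # constructed test addresses
    # 12 new SSH connections from one source, one every 3 seconds
    burst = [fw.packet(attacker, now=3 * i, new=True) for i in range(12)]
    # a packet on the attacker's already established first session, at t=40
    established = fw.packet(attacker, now=40, new=False)
    # the attacker tries once more at t=100, after 67 seconds of silence
    retry = fw.packet(attacker, now=100, new=True)
    # an admin who reconnects every two minutes for an hour
    admin_verdicts = [fw.packet(admin, now=120 * k, new=True) for k in range(30)]
    return {
        "burst": burst,
        "established": established,
        "retry": retry,
        "admin": admin_verdicts,
        "log": fw.log,
    }


if __name__ == "__main__":
    for name in ("DEFAULT", "sshattempts"):
        r = simulate(name)
        print(f"LOG rule reading list {name!r}: burst={r['burst']}")
        print(f"  established={r['established']} retry={r['retry']} logged={len(r['log'])}")
```

Running it prints both variants: with the LOG rule reading DEFAULT nothing is logged although connections 10 to 12 and the established-session packet are dropped; with --name sshattempts the same four drops are logged. The retry at t=100 goes through because only one stamp is left inside the 60 second window. If the lockout should persist while a source keeps hammering, --update instead of --rcheck in the sshchain jump rule refreshes the entry on every matching packet, and note that --hitcount cannot exceed the module's per-address stamp limit (ip_pkt_list_tot, 20 by default) or the rule is rejected when loaded.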
Re: [gentoo-amd64] firewall
Firestarter to me was like using a ZoneAlarm type of windows firewall program. It was very super easy to configure but not very flexible. I could not figure out how to specify UDP vs TCP on rules. This seemed like a great program for your average run of the mill home/desktop user.

For a GUI I settled on Kmyfirewall as it was extraordinarily easy to configure and use once I learned the basics of how iptables worked. I also wrote a perl script to automatically block IP addresses of hosts that do brute force SSH attempts. The IP addresses are automatically unblocked after 1 day. Every time a change is made it sends out an email. This has really helped to keep my log files cleaner instead of seeing 500 failed login attempts in a 3 hour span from one IP address, then multiply that by 1-5 IP addresses per day.

Note Kmyfirewall is very nice but is still considered beta, and it shows, but it is not broken in any way that I can tell; just the interface has a couple of small bugs AFAICT.

On Thursday 22 December 2005 05:17 am, Gavin Seddon wrote:
> It's alright for some. I eat lunch with a couple of dogs (canine).
> Gavin
>
> On Wed, 2005-12-21 at 09:01 -0800, Steve Herber wrote:
> > I would recommend you use Shorewall for an easy way to configure and
> > manage your iptables based linux firewall. The documentation is
> > excellent. Plus, I like to have lunch with the author.
> >
> > shorewall.net
> >
> > On Wed, 21 Dec 2005, Gavin Seddon wrote:
> > > Hi,
> > > I have merged iptables. Will they start at boot and is there a link
> > > for configuring on Gentoo?
> > > Thanks.
Re: [gentoo-amd64] firewall
It's alright for some. I eat lunch with a couple of dogs (canine).
Gavin

On Wed, 2005-12-21 at 09:01 -0800, Steve Herber wrote:
> I would recommend you use Shorewall for an easy way to configure and
> manage your iptables based linux firewall. The documentation is excellent.
> Plus, I like to have lunch with the author.
>
> shorewall.net
>
> On Wed, 21 Dec 2005, Gavin Seddon wrote:
> > Hi,
> > I have merged iptables. Will they start at boot and is there a link for
> > configuring on Gentoo?
> > Thanks.
-- 
Dr Gavin Seddon
School of Pharmacy and Pharmaceutical Sciences
University of Manchester
Oxford Road, Manchester
M13 9PL, U.K.
Re: [gentoo-amd64] firewall
I would recommend you use Shorewall for an easy way to configure and manage your iptables based linux firewall. The documentation is excellent. Plus, I like to have lunch with the author.

shorewall.net

Steve Herber [EMAIL PROTECTED] work: 206-221-7262
Security Engineer, UW Medicine, IT Services home: 425-454-2399

On Wed, 21 Dec 2005, Gavin Seddon wrote:
> Hi,
> I have merged iptables. Will they start at boot and is there a link for
> configuring on Gentoo?
> Thanks.
Re: [gentoo-amd64] firewall
On Wednesday 21 December 2005 05:44, Brett Johnson wrote:
> shorewall (http://www.shorewall.net/) is a commandline tool that uses a
> set of configuration files to configure the firewall. At first it
> appears a little overwhelming, but the documentation on the site is very
> good and walks through the most common types of setups used.

There's a nice interface for shorewall as a Webmin module: app-admin/webmin
-- 
#
# electronerd, the electronerdian from electronerdia
#
Re: [gentoo-amd64] firewall
If you are "REALLY" too lazy to do a little configuring, you can try out firestarter. (I wouldn't prefer it; it just confuses me.)

Having a simple script for your iptables ain't that hard; you can find templates on the net easily.
-- 
Int'l Anti-Microsoft Assn. Japan/S'pore Dept.
fsck /dev/urandom;
Taka John Brunkhorst [EMAIL PROTECTED]
Re: [gentoo-amd64] firewall
On Wed, Dec 21, 2005 at 12:35:54PM +, Gavin Seddon wrote:
> Hi,
> I have merged iptables. Will they start at boot and is there a link for
> configuring on Gentoo?

I would suggest looking into one of these tools depending on your preference of text versus gui tools:

fwbuilder (http://www.fwbuilder.org/) is a nice Qt based gui tool with a simple wizard to get you started and drag and drop rule building. They also have some good documentation on building effective firewalls.

shorewall (http://www.shorewall.net/) is a commandline tool that uses a set of configuration files to configure the firewall. At first it appears a little overwhelming, but the documentation on the site is very good and walks through the most common types of setups used.

In the long run, I believe shorewall is slightly easier to use and more flexible than fwbuilder. Shorewall does require editing several configuration files to properly configure the firewall, so it is more difficult to get the overall view of your firewall (for more complex firewall configurations) than fwbuilder provides.

Brett
Re: [gentoo-amd64] firewall
Gavin Seddon wrote:
> Hi,
> I have merged iptables. Will they start at boot and is there a link for
> configuring on Gentoo?
> Thanks.

http://www.gentoo.org/doc/en/home-router-howto.xml

Hth
-- 
/  Xavier Neys
\_ Gentoo Documentation Project
/  French & Internationalisation Lead
\  http://www.gentoo.org/doc/en
/\
Re: [gentoo-amd64] firewall
On 21 Dec 2005, at 12:35, Gavin Seddon wrote:
> I have merged iptables. Will they start at boot and is there a link for
> configuring on Gentoo?

http://www.google.com/search?q=gentoo+iptables

The first link should give you a nice intro.

Yours,
Craig
-- 
Craig Webster | t: +44 (0)131 516 8595 | e: [EMAIL PROTECTED]
Xeriom.NET    | f: +44 (0)709 287 1902 | w: http://xeriom.net
[gentoo-amd64] firewall
Hi,
I have merged iptables. Will they start at boot and is there a link for configuring on Gentoo?
Thanks.
-- 
Dr Gavin Seddon
School of Pharmacy and Pharmaceutical Sciences
University of Manchester
Oxford Road, Manchester
M13 9PL, U.K.