[ubuntu-uk] IPTABLES

2008-04-18 Thread Chris Rowson
Hi there folks, Just a quicky. I've been mucking around with iptables for a while, but I'm still a bit shaky with them. Would anyone mind checking this over for me please? I want to be able to accept incoming connections on port 22, accept any connections which are a reply to a connection that I

Re: [ubuntu-uk] IPTABLES

2008-04-18 Thread Andy Smith
Hi Chris,

On Fri, Apr 18, 2008 at 11:51:19AM +0100, Chris Rowson wrote:
> Just a quicky. I've been mucking around with iptables for a while, but I'm still a bit shaky with them. Would anyone mind checking this over for me please?

Looks pretty good. I would add RELATED to the ESTABLISHED bit so

Re: [ubuntu-uk] IPTABLES

2008-04-18 Thread Tony Arnold
Chris,

Chris Rowson wrote:
> Just a quicky. I've been mucking around with iptables for a while, but I'm still a bit shaky with them. Would anyone mind checking this over for me please?

I'm not sure about how correct these rules are, but have you considered using something like fwbuilder or

Re: [ubuntu-uk] IPTABLES

2008-04-18 Thread Huw Selley
On 18 Apr 2008, at 13:15, Andy Smith wrote:
> [snip]
> On a side note, I've added a symbolic link called S95firewall to this script in /etc/rc2.d/, but it doesn't seem to run this script at startup? Any ideas what I'm doing wrong?

I would use the 'update-rc.d' tool to add the correct

Re: [ubuntu-uk] IPTABLES

2008-04-18 Thread Huw Selley
On 18 Apr 2008, at 14:27, Tony Arnold wrote:
> [snip]
> Oh, and if you are allowing ssh, then consider running fail2ban or denyhosts to stop dictionary attacks via ssh, which are very common.

Or only allow key based logins and disable password logins, renders dictionary attacks useless although

Re: [ubuntu-uk] IPTABLES

2008-04-18 Thread Tony Arnold
Huw Selley wrote:
> On 18 Apr 2008, at 14:27, Tony Arnold wrote:
>> [snip]
>> Oh, and if you are allowing ssh, then consider running fail2ban or denyhosts to stop dictionary attacks via ssh, which are very common.
>
> Or only allow key based logins and disable password logins, renders dictionary

Re: [ubuntu-uk] IPTABLES

2008-04-18 Thread Huw Selley
On 18 Apr 2008, at 14:52, Tony Arnold wrote:
> [snip]
> I'd do both!

Yeah, that gives a better solution. I however am lazy and happy to tail auth.log for a giggle when I am bored ;)

Regards
Huw

--
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk

Re: [ubuntu-uk] IPTABLES

2008-04-18 Thread Chris Rowson
Thanks as always guys. I'll try the update-rc.d tool to add the symbolic links. I'd forgotten about denyhosts, I'll do that too! I'll also take a look at adding the related rule to the firewall. Tony, using the script as is, I can still ping the server. I guess the rules don't block the ICMP