[wplug] iptables (was: Speaking of cracks? Maybe? How do you...)

Vance Kochenderfer vance at happylemur.com
Sat Sep 27 23:36:18 EDT 2003


I don't want to step into it too much here, but I would not regard
someone portscanning my machine as particularly helpful, unless of
course I asked them to do it.  If you're interested in seeing how
machines get cracked, set up your own honeypot.

One lesson to be learned is that iptables is your friend.  Get thee
to <http://www.linuxguruz.com/iptables/howto/> and read the HOWTO.
Appended to this message is a sample /etc/sysconfig/iptables (from
a system with a 2.4 kernel).  This file is used by the nifty init
script /etc/init.d/iptables in Mandrake (and, I assume, other
distros as well).  This is designed for a stand-alone workstation
that does not run any services available to the public.  Read the
HOWTO and modify this as necessary.

Vance Kochenderfer        |  "Get me out of these ropes and into a
vance at happylemur.com      |   good belt of Scotch"    -Nick Danger

# Annotated by VK on 7 Aug 2001
#
# Generated by iptables-save v1.2.1 on Tue Aug  7 22:24:59 2001
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Tue Aug  7 22:24:59 2001
# Generated by iptables-save v1.2.1 on Tue Aug  7 22:24:59 2001
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Tue Aug  7 22:24:59 2001
# Generated by iptables-save v1.2.1 on Tue Aug  7 22:24:59 2001
#
# Default: let all packets out, none in
#
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Bad Things happen if you drop packets on the loopback interface
-A INPUT -i lo -j ACCEPT
# Let all packets on the local network in
-A INPUT -i eth0 -j ACCEPT
# Log and block all attempts to connect to privileged ports
# via ppp interfaces
-A INPUT -i ppp+ -p tcp -m tcp --dport 0:1024 -j LOG --log-prefix iptables:
-A INPUT -i ppp+ -p tcp -m tcp --dport 0:1024 -j DROP
-A INPUT -i ppp+ -p udp -m udp --dport 0:1024 -j LOG --log-prefix iptables:
-A INPUT -i ppp+ -p udp -m udp --dport 0:1024 -j DROP
# The same, for X11 ports
-A INPUT -i ppp+ -p tcp -m tcp --dport 6000:6063 -j LOG --log-prefix iptables:
-A INPUT -i ppp+ -p tcp -m tcp --dport 6000:6063 -j DROP
-A INPUT -i ppp+ -p udp -m udp --dport 6000:6063 -j LOG --log-prefix iptables:
-A INPUT -i ppp+ -p udp -m udp --dport 6000:6063 -j DROP
# The same, for X font server port
-A INPUT -i ppp+ -p tcp -m tcp --dport 7100 -j LOG --log-prefix iptables:
-A INPUT -i ppp+ -p tcp -m tcp --dport 7100 -j DROP
-A INPUT -i ppp+ -p udp -m udp --dport 7100 -j LOG --log-prefix iptables:
-A INPUT -i ppp+ -p udp -m udp --dport 7100 -j DROP
# Block all ICMP redirect packets on ppp interfaces
-A INPUT -i ppp+ -p icmp -m icmp --icmp-type 5 -j DROP
# Accept all ppp packets which are part of an established or
# requested connection (stateful inspection)
-A INPUT -i ppp+ -m state --state RELATED,ESTABLISHED -j ACCEPT
# Don't forward any packets to or from ppp interfaces
-A FORWARD -i ppp+ -j DROP
-A FORWARD -o ppp+ -j DROP
COMMIT
# Completed on Tue Aug  7 22:24:59 2001