[1893] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Linux and IPFWADM

daemon@ATHENA.MIT.EDU (Jeff Gray)
Wed Jun 17 03:24:22 1998

Date: Tue, 16 Jun 1998 18:40:32 +1000
From: Jeff Gray <jeffg@provenance.com.au>
To: linux-security@redhat.com
CC: S Hedges <shedges@shaw.wave.ca>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

>     I have been perusing the various linux security sources looking for a
> reliable, proven, source for ipfwadm firewall rules.
>     My request to someone out there is to please post a working copy of
> ipfwadm rules, that is WELL documented and not messy.

If you haven't seen them already, try these Web sites for decent info on ipfwadm,
including some real examples.

http://simba.xos.nl/linux/ipfwadm/
   (the Paper at this site is worth reading)
http://oloon.student.utwente.nl/linux/ipmasq/index.html
   (this site is about IP Masquerading, which is related, but it has some links
to ipfwadm as well)
http://www.indyramp.com/mirrors/ipmasq/ipmasq-HOWTO.html
   (this is the IP Masquerade mini HOWTO. Section 4.4 covers ipfwadm
configuration)

What I'd suggest is that you get a _very_ basic set of rules in place one at a
time & try various operations to verify that a given port (ie ftp, http, etc)
does or does not work, according to the rules defined. This is the best way to
get a feel for how they work. Try entering the rules from the command line one at
a time, so you can see immediately what's happened. Once you understand what you
need, then create the permanent rules file.

Get a friend offsite to try various things & see what appears in the logfile.
Once you've done this for a few rules, it will become clearer what is going on.

Hope this helps.

Regards,
Jeff Gray
                                O O O
..........-------+++++++*******  O O  *******+++++++-------..........
Code Azure Pty Ltd, Sydney, Australia     http://www.provenance.com.au
Geek Code 3.1 : GCS d+(-) s+:-- a C++$ UL++$ E--- W++$ N+ w++$ !O- !M-
!V-- PS+ PE+ Y+ PGP++ t- 5- X++ R+ tv++ b+++ DI+ D+ G e+ h--- r+++ y?

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post