[1893] in linux-security and linux-alert archive
[linux-security] Re: Linux and IPFWADM
daemon@ATHENA.MIT.EDU (Jeff Gray)
Wed Jun 17 03:24:22 1998
Date: Tue, 16 Jun 1998 18:40:32 +1000
From: Jeff Gray <jeffg@provenance.com.au>
To: linux-security@redhat.com
CC: S Hedges <shedges@shaw.wave.ca>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
> I have been perusing the various linux security sources looking for a
> reliable, proven, source for ipfwadm firewall rules.
> My request to someone out there is to please post a working copy of
> ipfwadm rules, that is WELL documented and not messy.
If you haven't seen them already, try these Web sites for decent info on ipfwadm,
including some real examples.
http://simba.xos.nl/linux/ipfwadm/
(the Paper at this site is worth reading)
http://oloon.student.utwente.nl/linux/ipmasq/index.html
(this site is about IP Masquerading, which is related, but it has some links
to ipfwadm as well)
http://www.indyramp.com/mirrors/ipmasq/ipmasq-HOWTO.html
(this is the IP Masquerade mini HOWTO. Section 4.4 covers ipfwadm
configuration)
What I'd suggest is that you get a _very_ basic set of rules in place one at a
time & try various operations to verify that a given port (ie ftp, http, etc)
does or does not work, according to the rules defined. This is the best way to
get a feel for how they work. Try entering the rules from the command line one at
a time, so you can see immediately what's happened. Once you understand what you
need, then create the permanent rules file.
Get a friend offsite to try various things & see what appears in the logfile.
Once you've done this for a few rules, it will become clearer what is going on.
Hope this helps.
Regards,
Jeff Gray
O O O
..........-------+++++++******* O O *******+++++++-------..........
Code Azure Pty Ltd, Sydney, Australia http://www.provenance.com.au
Geek Code 3.1 : GCS d+(-) s+:-- a C++$ UL++$ E--- W++$ N+ w++$ !O- !M-
!V-- PS+ PE+ Y+ PGP++ t- 5- X++ R+ tv++ b+++ DI+ D+ G e+ h--- r+++ y?
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null