Speaking of modem firewalls, was: Re: [lug] newbie seeks www
Scott A. Herod
herod at interact-tv.com
Tue Apr 24 10:20:10 MDT 2001
Hi Dan,
Speaking of firewalling a ppp interface, is it simply enough to
block SYN packets? I suppose that wouldn't stop UDP requests, but
of course those could be blocked separately. I'm thinking something
like:
# default policy for the input chain (ipchains has no ALLOW target; ACCEPT is the valid name)
ipchains -P input ACCEPT
# -y matches TCP packets with SYN set and ACK/FIN clear, i.e. new connection requests
ipchains -A input -j REJECT -p tcp -y -i ppp0 -s 0.0.0.0/0 -l
# reject any inbound UDP arriving on ppp0; -l logs each match
ipchains -A input -j REJECT -p udp -i ppp0 -s 0.0.0.0/0 -l
Basically, if I don't want anything to be able to initialize a
connection across the ppp interface, is the above enough? (I
do want all communication to flow freely across the eth0 interface,
which is only my home network.)
Scott
"D. Stimits" wrote:
>
> You will probably want to be sure you have a kernel that supports
> ipchains (firewalling), that it is enabled, and that several ports are
> completely blocked from the modem (target interface ppp0). Anyone else,
> feel free to name dangerous ports, but here are a few port numbers to
> block, preferably both UDP and TCP (these are just very basic, there is
> more to it):
> 20, 21, input only (ftp).
> 23, input only (telnet).
> 53, other than your known name servers.
> 80, input only (web server)
> 98 (linuxconf)
> 111
> 137-139
> 369
> 514
> 515 (printer, lpd)
>
> Both tcp and udp might not be relevant on a given port, but the ones
> named you can safely block both regardless. Those above are just a
> sample of ports that are either tested regularly by port scanning
> crackers, or too important to be left open. There is a lot more that
> should be blocked.
>
> You'll want to update early on after getting the modem via (for RH 6.2):
> http://www.redhat.com/support/errata/rh62-errata-security.html
>
> Or more generally:
> http://www.redhat.com/support/errata/
>
> D. Stimits, stimits at idcomm.com
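The rules Scott proposes above, exercised against a small model of the stateless ipchains input chain, as an added example that is not part of either post. The Packet fields, the rule tuples, the placeholder resolver address and the demo() cases are assumptions made for this illustration; the point it shows is that the SYN-only rule lets replies to outbound TCP connections through while the blanket UDP rule also rejects replies from your own name server, which is the port 53 caveat Stimits raises.

```python
# Added example (not from the original post): a small model of ipchains'
# stateless "input" chain so the proposed rules can be run against
# constructed packets. Packet fields and rule tuples are assumptions
# made for this illustration; only the ACCEPT/REJECT outcome matters.
from dataclasses import dataclass

@dataclass
class Packet:
    iface: str          # input interface, e.g. "ppp0" or "eth0"
    proto: str          # "tcp" or "udp"
    src: str            # source address
    sport: int          # source port
    syn: bool = False   # TCP SYN flag
    ack: bool = False   # TCP ACK flag

def syn_only(pkt):
    # ipchains "-y": SYN set with ACK/FIN clear, i.e. a connection request
    return pkt.proto == "tcp" and pkt.syn and not pkt.ack

def evaluate(rules, pkt, policy="ACCEPT"):
    # First matching rule wins; otherwise the chain policy applies.
    for match, target in rules:
        if match(pkt):
            return target
    return policy

# Scott's ruleset: reject any inbound TCP connection request and any
# inbound UDP on ppp0 (eth0 is left to the ACCEPT policy).
SCOTT_RULES = [
    (lambda p: p.iface == "ppp0" and syn_only(p), "REJECT"),
    (lambda p: p.iface == "ppp0" and p.proto == "udp", "REJECT"),
]

# Refinement in the spirit of "53, other than your known name servers":
# accept replies from the known resolver before the blanket UDP reject.
KNOWN_NS = "192.0.2.53"   # constructed placeholder resolver address
REFINED_RULES = [
    (lambda p: p.iface == "ppp0" and p.proto == "udp"
               and p.src == KNOWN_NS and p.sport == 53, "ACCEPT"),
] + SCOTT_RULES

def demo(rules):
    # Constructed sample packets; returns the verdict for each case.
    cases = {
        "inbound SYN on ppp0": Packet("ppp0", "tcp", "198.51.100.9", 40000, syn=True),
        "SYN-ACK reply on ppp0": Packet("ppp0", "tcp", "198.51.100.9", 80, syn=True, ack=True),
        "DNS reply from resolver": Packet("ppp0", "udp", KNOWN_NS, 53),
        "SYN on eth0 (LAN)": Packet("eth0", "tcp", "10.0.0.5", 40000, syn=True),
    }
    return {name: evaluate(rules, pkt) for name, pkt in cases.items()}
```

Because ipchains keeps no connection state, the only thing distinguishing a DNS reply from an unsolicited UDP probe is its source address and port, so the refined rule is only as trustworthy as the resolver address it names.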