Re: [cobalt-users] ipchains installation

["Nico Meijer" <cobalt-users@xxxxxxxxxxxxxxx>]

Hi Johnson,

> I'm trying to install ipchains in my Raq3. I had search the listings for
the
> place to download the ipchains RPM but the URL listed seems dead or
> unaccessible. Unable to download from www.redhat.com as well. I managed to
> get an ipchains RPM from a RedHat Linux 7.0
CD(ipchains-1.3.9-17.i386.rpm).

The source for your RPMs is http://rpmfind.net. I downloaded the ipchains
rpm for RedHat 6.2 (1.3.9-5 I believe) and installed that onto my RaQ3
without a glitch.

> Can I install this version of ipchains into Cobalt? Cos I don't think
Cobalt
> is using RedHat Linux 7.

It is my understanding that the RaQ3 OS is based on RedHat 6.x (0/1/2).
Maybe anyone has more info on that?

> I also found iproute, iputils and ipxutils in the
> CD. Does these need to be installed as well?

Check if it's installed: "rpm -qa | grep -i ip". I didn't have to install
anything else besides ipchains.

> Will ipchains affect portsentry if I use default ACCEPT policy?

Couldn't think of a way that it would. But I would not recommend you use a
default ACCEPT policy. A default REJECT/DENY policy is way better/safer,
IMHO. It rendered my box utterly useless when issueing a "/sbin/ipchains -F"
after testing with a default REJECT. So be careful! ;-)

I am currently working on a script (almost done) for the RaQ3 that will
automatically select any IP address that is in use on eth0(:x), so that it
will set strict defaults on *all* your IP's. In short: anything is blocked,
except [insert yadda-yadda-yadda here], even high unpriviledged ports.

I'll probably post it on the security list once it's something you could
work with to have people hack at it. It's extremely simple right now and
Active Monitor is flashing red, although everything seems to work fine. So I
do need help on the script. ;-)

Good luck... Nico