
[cobalt-users] IPCHAINS & Rules Settings



Hello List.

Last night I installed IPCHAINS without any problems.  I did command-line 
blocking of certain IPs, then I decided to make a global rule set that contains 
an Accept and Deny policy.  I made a file as below, chmod'ed it to 700, and it 
executed OK and the rules were applied.

I tested everything: POP3, SSH, FTP and HTTP were all working fine.  I then 
did a port scan, which usually shows me all ports with a connection-refused 
message (from PortSentry); this time my scan was blocked and all ports showed 
timed-out connections.  The server was working fine and I was accessing POP3 
with no problem, BUT then after 15 minutes all services became unreachable.  I 
mean checking email times out just as if the server were offline.  Same goes 
for SSH.  Ping responds OK.  Website browsing/loading is slow!  Then I rebooted 
the server to flush the IPCHAINS rules and now everything is back to normal.

But I need to apply the IPCHAINS rules, and I want to know what is wrong.  The 
rules are as below:

=====START IPCHAINS RULES======
#!/bin/sh
# keep out attacking IPs
./ipchains -A input -i eth0 --source 172.163.236.101 -j DENY -l
./ipchains -A input -i eth0 --source 61.99.92.61 -j DENY -l
./ipchains -A input -i eth0 --source 200.254.22.197 -j DENY -l
./ipchains -A input -i eth0 --source 61.73.0.44 -j DENY -l
./ipchains -A input -i eth0 -p tcp --destination-port 137 --syn -j DENY

# TCP 
# serve ftp for NON-passive clients_ONLY_ 
./ipchains -A input -i eth0 -p tcp --destination-port 20:21 --syn -j ACCEPT -l

# serve ssh - 22 
./ipchains -A input -i eth0 -p tcp --destination-port 22 --syn -j ACCEPT -l

# serve smtp - 25 
./ipchains -A input -i eth0 -p tcp --destination-port 25 --syn -j ACCEPT

# serve http - 80 
./ipchains -A input -i eth0 -p tcp --destination-port 80 --syn -j ACCEPT

# serve https admin - 81 
./ipchains -A input -i eth0 -p tcp --destination-port 81 --syn -j ACCEPT -l

# serve https admin - 443 
./ipchains -A input -i eth0 -p tcp --destination-port 443 --syn -j ACCEPT -l

# serve pop3 - 110 
./ipchains -A input -i eth0 -p tcp --destination-port 110 --syn -j ACCEPT

# disallow SYN on all else 
./ipchains -A input -i eth0 -p tcp --syn -j DENY -l

# allow gateway 
./ipchains -A input -i eth0 --source 111.222.333.4 -j ACCEPT

# allow existing TCP sessions to continue 
./ipchains -A input -i eth0 -p tcp -j ACCEPT


# UDP 
# DNS response 
./ipchains -A input -i eth0 -p udp --source 11.22.33.44 53 -j ACCEPT 
./ipchains -A input -i eth0 -p udp --source 11.22.33.44 53 -j ACCEPT 
./ipchains -A input -i eth0 -p udp --source 11.22.33.44 53 -j ACCEPT 
./ipchains -A input -i eth0 -p udp --source 11.22.33.44 53 -j ACCEPT 
./ipchains -A input -i eth0 -p udp --source 11.22.33.44 53 -j ACCEPT

# ICMP allowed 
./ipchains -A input -i eth0 -p icmp -j ACCEPT

# disallow all else 
./ipchains -A input -i eth0 -j DENY -l

======END IPCHAINS RULES=======

Regards,

Al-Juhani
aljuhani@xxxxxxxxx
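As an added illustration (not part of Al-Juhani's post or of the ipchains tool itself): ipchains walks a chain top to bottom and the first matching rule decides the packet's fate, so a rule's position matters as much as its contents. The Python below is a minimal first-match evaluator over a copy of the posted chain (the five identical DNS lines collapsed into one) and runs a few constructed packets through it. Two consequences of the ordering are visible in the results: a SYN from the gateway to a port that is not explicitly opened hits "disallow SYN on all else" before the "allow gateway" rule is ever consulted, and a UDP reply from a resolver that is not 11.22.33.44 falls through to the final DENY. The gateway address is the placeholder from the post; every other sample address is a documentation-range value chosen here.

```python
"""First-match evaluator for an ipchains-style input chain (added example)."""
import shlex
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed copy of the posted chain, original order, duplicate DNS lines collapsed.
RULES_TEXT = """
./ipchains -A input -i eth0 --source 172.163.236.101 -j DENY -l
./ipchains -A input -i eth0 --source 61.99.92.61 -j DENY -l
./ipchains -A input -i eth0 --source 200.254.22.197 -j DENY -l
./ipchains -A input -i eth0 --source 61.73.0.44 -j DENY -l
./ipchains -A input -i eth0 -p tcp --destination-port 137 --syn -j DENY
./ipchains -A input -i eth0 -p tcp --destination-port 20:21 --syn -j ACCEPT -l
./ipchains -A input -i eth0 -p tcp --destination-port 22 --syn -j ACCEPT -l
./ipchains -A input -i eth0 -p tcp --destination-port 25 --syn -j ACCEPT
./ipchains -A input -i eth0 -p tcp --destination-port 80 --syn -j ACCEPT
./ipchains -A input -i eth0 -p tcp --destination-port 81 --syn -j ACCEPT -l
./ipchains -A input -i eth0 -p tcp --destination-port 443 --syn -j ACCEPT -l
./ipchains -A input -i eth0 -p tcp --destination-port 110 --syn -j ACCEPT
./ipchains -A input -i eth0 -p tcp --syn -j DENY -l
./ipchains -A input -i eth0 --source 111.222.333.4 -j ACCEPT
./ipchains -A input -i eth0 -p tcp -j ACCEPT
./ipchains -A input -i eth0 -p udp --source 11.22.33.44 53 -j ACCEPT
./ipchains -A input -i eth0 -p icmp -j ACCEPT
./ipchains -A input -i eth0 -j DENY -l
"""


@dataclass
class Rule:
    text: str
    proto: Optional[str] = None          # -p
    src: Optional[str] = None            # --source address (compared as a string)
    sport: Optional[int] = None          # optional port after --source address
    dport: Optional[Tuple[int, int]] = None  # --destination-port lo:hi
    syn: bool = False                    # --syn: TCP SYN with ACK clear
    target: str = ""                     # -j
    log: bool = False                    # -l


@dataclass
class Packet:
    proto: str
    src: str
    sport: int = 0
    dport: int = 0
    syn: bool = False  # True only for a TCP SYN without ACK


def parse_rule(line: str) -> Rule:
    """Parse the subset of ipchains options used in the chain above."""
    toks = shlex.split(line)
    r = Rule(text=line.strip())
    i = 0
    while i < len(toks):
        t = toks[i]
        if t in ("-A", "-i"):            # chain and interface: every rule here is input/eth0
            i += 2
        elif t == "-p":
            r.proto = toks[i + 1].lower(); i += 2
        elif t in ("-s", "--source"):
            r.src = toks[i + 1]; i += 2
            if i < len(toks) and toks[i].isdigit():  # ipchains: "--source addr port"
                r.sport = int(toks[i]); i += 1
        elif t == "--destination-port":
            lo, _, hi = toks[i + 1].partition(":")
            r.dport = (int(lo), int(hi or lo)); i += 2
        elif t == "--syn":
            r.syn = True; i += 1
        elif t == "-j":
            r.target = toks[i + 1]; i += 2
        elif t == "-l":
            r.log = True; i += 1
        else:                            # the leading ./ipchains token
            i += 1
    return r


RULES = [parse_rule(l) for l in RULES_TEXT.splitlines() if l.strip()]


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto and rule.proto != pkt.proto:
        return False
    if rule.src and rule.src != pkt.src:
        return False
    if rule.sport is not None and rule.sport != pkt.sport:
        return False
    if rule.dport and not (rule.dport[0] <= pkt.dport <= rule.dport[1]):
        return False
    if rule.syn and not (pkt.proto == "tcp" and pkt.syn):
        return False
    return True


def classify(pkt: Packet) -> Tuple[str, int]:
    """Return (target, rule index) of the first matching rule; -1 means chain policy."""
    for idx, rule in enumerate(RULES):
        if matches(rule, pkt):
            return rule.target, idx
    return "POLICY", -1


# Constructed sample packets (198.51.100.0/24 and 192.0.2.0/24 are documentation ranges).
SAMPLES = {
    "pop3 SYN from anywhere": Packet("tcp", "198.51.100.7", 40000, 110, syn=True),
    "port 143 SYN from gateway": Packet("tcp", "111.222.333.4", 40001, 143, syn=True),
    "established TCP to port 143": Packet("tcp", "198.51.100.7", 40002, 143),
    "DNS reply from listed resolver": Packet("udp", "11.22.33.44", 53, 1025),
    "DNS reply from unlisted resolver": Packet("udp", "192.0.2.53", 53, 1025),
    "ICMP echo": Packet("icmp", "198.51.100.7"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        target, idx = classify(pkt)
        print(f"{name:34s} -> {target:6s} by rule {idx:2d}: {RULES[idx].text}")
```

Run it and each sample prints the rule that decided it; the interesting rows are the gateway SYN (decided by the catch-all SYN DENY at index 12, two lines above the gateway ACCEPT) and the reply from the unlisted resolver (decided by the closing DENY). The evaluator ignores `-i`, treats addresses as plain strings, and knows nothing of ipchains' other options, which is enough for this chain but not for a general one.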