Newbie ?, IP tables & Security


jmr0311

Hi everyone. I've been visiting this forum for a few weeks already, and let me tell you that the information, resources and member support are incredible. Thanks to all of you on behalf of all the newbies like me. Now to the question: I'm running Mandrakelinux 10 on my system. Basically I use my system for e-mail, Internet browsing, etc., nothing fancy, just regular usage. I have to confess that I'm a security freak, even though I know that using Linux represents a major step in improving security compared with Windows.

 

I was reading about IP tables and I was wondering if this is something that I need, based on how I use my system. If you guys agree that it isn't a bad idea to have one, I would like to ask you gurus in here if you can provide me with a basic script that I can use as a markup. I've spent countless hours reading about creating scripts, but I'm still lost when it comes to the command line. Also, does anyone know of a good book for beginners? What I mean by beginners is not a book that assumes I know the basics, because I don't, and then takes it from there, like a lot of the information I found on the Internet. Any help in achieving my goals will be very much appreciated. Thanks.

 

Javi

 

[moved from Installing Mandrake by spinynorman]


I would like to add the "LINUX NEWBIE ADMINISTRATOR GUIDE" as one of my favorites. It is especially handy if you download it as a PDF, so you can have it in front of you while you are learning/doing the exercises.

 

http://linux-newbie.sunsite.dk/

 

Also, don't forget the Linux documentation project:

http://www.tldp.org/

Edited by Darkelve

Always reluctant to recommend a firewall script, because I don't want to be held responsible for failure...

 

However, if you are running no servers, using dial-up and want to accept no new input at all from the internet, it shouldn't be difficult to give a short, simple, basic script to work with. If you want to write your own rules, you really need to read up and understand the implications if you get it wrong.

 

Exactly how are you connecting to the internet, and have you an internal network?

 

There is an iptables primer at http://www.linuxguruz.com/iptables/howto/ you may want to look at.

 

The easiest way is to use the Mandrake wizard for your firewall - it uses shorewall, which is a 'front end' for netfilter. Using iptables does the same thing.

 

You may already have a firewall running - type "iptables -nvL" and have a look at the output. You may need to install iptables with "urpmi iptables". Just because iptables is not installed does not necessarily mean you have not got an active firewall.

 

Chris


Thanks, streeter, for your reply. I understand your concerns, and I also understand that asking for help in this matter will involve some risk that I'm willing to take, and I'm not going to hold anybody responsible other than myself. To answer your question, I'm not running any server and I only have one computer.

I'm just connected to the internet via a cable modem (ISP - Road Runner) connected to my 2wire router/gateway and then to my only computer.

To add to this, all I do when I'm connected to the internet is search different topics, visit my favorite web sites, read the posts in forums like this one and some others so I can learn about Linux and some other matters, retrieve my e-mails and sometimes send e-mails as well. I don't play any online games in which you interact with other users. I sometimes play music and videos when I'm browsing these forums, so I don't want that to be affected. This is what my internet usage represents, pretty boring.

 

Javi


Assuming you don't already have a firewall running, something like this would be an absolute minimum starting point:

#!/bin/sh

iptables -F                # clean out the tables
iptables -X common         # delete the 'common' chain

# Default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT  # will allow all outgoing packets - no questions asked unless you add rules to stop them

iptables -N common         # create new chain called common

iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT  # allow replies to our requests and 'related' packets - eg for FTP in eth0
iptables -A INPUT -i eth0 -j DROP  # drop everything else coming in eth0
iptables -A INPUT -j common        # jump to the common chain

iptables -A FORWARD -j common      # jump to common for all packets to be forwarded

iptables -A common -s 127.0.0.1 -j ACCEPT  # accept all from localhost
iptables -A common -j DROP                 # dump the rest

This is very simple, and may not stop a cracker, but it will stop pings, connection attempts etc from even knowing you are there. You can do a basic test by going to http://grc.com and running the shields up test (it's really meant for windows).

 

Put the script in a file called tables or something in the /etc/rc.d/init.d directory, and symlink it in the /etc/rc.d/rc.3 to 5 directories with a low number, ie

# the runlevel directories are named rcN.d
ln -s /etc/rc.d/init.d/tables /etc/rc.d/rc3.d/S4tables
ln -s /etc/rc.d/init.d/tables /etc/rc.d/rc4.d/S4tables
ln -s /etc/rc.d/init.d/tables /etc/rc.d/rc5.d/S4tables

 

You can look at the tables with "iptables -nvL"

 

You should also turn off all services you do not use using drakxservices, e.g. rpc, portmap, samba, httpd, ftpd etc.

 

And if you're really paranoid, unplug your lan connection - that'll stop 'em!!

 

Chris
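
For reading the "iptables -nvL" listing that the posts above point to, here is an added example (not part of any post in this thread) that summarises a listing and reports whether INPUT is default-deny with replies allowed. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise an `iptables -nvL` listing read on stdin.
check_listing() {
    awk '
    /^Chain / {                       # e.g. "Chain INPUT (policy DROP 0 packets, 0 bytes)"
        chain = $2
        if ($3 == "(policy") policy[chain] = $4
        next
    }
    NF == 0 || $1 == "pkts" { next }  # blank lines and column headers
    {
        rules[chain]++
        if (chain == "INPUT" && $3 == "ACCEPT" && /state .*ESTABLISHED/) stateful = 1
    }
    END {
        n = split("INPUT FORWARD OUTPUT", order, " ")
        for (i = 1; i <= n; i++)
            printf "%s policy=%s rules=%d\n", order[i], policy[order[i]], rules[order[i]]
        if (policy["INPUT"] == "ACCEPT" && rules["INPUT"] == 0)
            print "verdict: INPUT is wide open, no packet filter active"
        else if (policy["INPUT"] == "DROP" && stateful)
            print "verdict: default-deny INPUT, replies to own traffic allowed"
        else
            print "verdict: rules present, review by hand"
    }'
}

# Constructed sample: the listing the script in this thread would produce.
sample_filtered() {
    cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target  prot opt in    out  source     destination
    0     0 ACCEPT  all  --  eth0  *    0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
    0     0 DROP    all  --  eth0  *    0.0.0.0/0  0.0.0.0/0
    0     0 common  all  --  *     *    0.0.0.0/0  0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    0     0 common  all  --  *     *    0.0.0.0/0  0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

Chain common (2 references)
    0     0 ACCEPT  all  --  *     *    127.0.0.1  0.0.0.0/0
    0     0 DROP    all  --  *     *    0.0.0.0/0  0.0.0.0/0
EOF
}
# Constructed sample: no rules loaded, every policy ACCEPT.
sample_open() { printf 'Chain %s (policy ACCEPT 0 packets, 0 bytes)\n\n' INPUT FORWARD OUTPUT; }

sample_filtered | check_listing   # live, as root: iptables -nvL | check_listing
```

A "review by hand" verdict only means the listing matches neither of the two patterns checked, not that the ruleset is unsafe.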
