jmr0311 Posted July 11, 2004

Hi everyone. I've been visiting this forum for a few weeks already and let me tell you that the information, resources and member support are incredible. Thanks to all of you on behalf of all the newbies like me. Now to the question: I'm running Mandrakelinux 10 on my system. Basically I use my system for e-mail, Internet browsing, etc., nothing fancy, just regular usage. I have to confess that I'm a security freak, even though I know that using Linux represents a major step in improving security compared with Windows. I was reading about iptables and I was wondering if this is something that I need based on how I use my system. If you guys agree that it isn't a bad idea to have one, I would like to ask you gurus in here if you can provide me with a basic script that I can use as a mock-up. Countless hours reading about creating scripts, but I'm still lost when it comes to the command line. Also, does anyone know a good book for beginners? What I mean by beginners is not a book that assumes I know the basics (because I don't) and then takes it from there, like a lot of the information I found on the Internet. Any help in achieving my goals will be very appreciated. Thanks.

Javi

[moved from Installing Mandrake by spinynorman]
arctic Posted July 11, 2004

Hi jmr. Some information can be found here: http://www.linux.org/docs/index.html If you want to buy a book, I think "Linux in a Nutshell" is one of the best. For special things, just search the net for "howtos". Good luck :)
Darkelve Posted July 11, 2004 (edited)

I would like to add the "Linux Newbie Administrator Guide" as one of my favorites. It is especially handy if you download it as a PDF, so you can have it in front of you while you are learning/doing the exercises. http://linux-newbie.sunsite.dk/ Also, don't forget the Linux Documentation Project: http://www.tldp.org/

Edited July 11, 2004 by Darkelve
streeter Posted July 11, 2004

Always reluctant to recommend a firewall script, because I don't want to be held responsible for failure... However, if you are running no servers, using dial-up and want to accept no new input at all from the internet, it shouldn't be difficult to give a short, simple, basic script to work with. If you want to write your own rules, you really need to read up and understand the implications if you get it wrong. Exactly how are you connecting to the internet, and have you an internal network? There is an iptables primer at http://www.linuxguruz.com/iptables/howto/ you may want to look at. The easiest way is to use the Mandrake wizard for your firewall - it uses Shorewall, which is a 'front end' for netfilter. Using iptables does the same thing. You may already have a firewall running - type "iptables -nvL" and have a look at the output. You may need to install iptables with "urpmi iptables". Just because iptables is not installed does not necessarily mean you have not got an active firewall.

Chris
jmr0311 (Author) Posted July 11, 2004

Thanks streeter for your reply. I understand your concerns and I also understand that asking for help in this matter will involve some risk that I'm willing to take, and I'm not going to hold anybody responsible other than myself. To answer your question, I'm not running any server and I only have one computer. I'm just connected to the internet via a cable modem (ISP - Road Runner) connected to my 2wire router/gateway and then to my only computer. To add to this, all I do when I'm connected to the internet is search different topics, visit my favorite web sites, read the posts in forums like this one and some others as well so I can learn about Linux and some other matters, retrieve my e-mails and sometimes send e-mails as well. I don't play any online games in which you interact with other users. I sometimes play music and videos when I'm browsing these forums so I don't want that to be affected. This is what my internet usage represents, pretty boring.

Javi
streeter Posted July 11, 2004

Assuming you don't already have a firewall running, something like this would be an absolute minimum starting point:

#!/bin/sh
# Minimal stateful firewall for a single workstation: let everything out,
# let replies back in, drop every unsolicited incoming packet.
# eth0 is assumed to be the interface plugged into the router/gateway.

iptables -F                       # clean out the tables (flushes every chain of the filter table)
iptables -X common 2>/dev/null    # delete the 'common' chain (it does not exist yet on the very first run)

# Default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT         # will allow all outgoing packets - no questions asked unless you add rules to stop them

iptables -N common                # create new chain called common

iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT   # allow replies to our requests and 'related' packets - eg for FTP - in on eth0
iptables -A INPUT -i eth0 -j DROP # drop everything else coming in eth0
iptables -A INPUT -j common       # anything not from eth0 (eg loopback) jumps to the common chain
iptables -A FORWARD -j common     # jump to common for all packets to be forwarded
iptables -A common -s 127.0.0.1 -j ACCEPT   # accept all from localhost
iptables -A common -j DROP        # dump the rest

This is very simple, and may not stop a cracker, but it will stop pings, connection attempts etc. from even knowing you are there. You can do a basic test by going to http://grc.com and running the Shields Up test (it's really meant for Windows). Put the script in a file called tables or something in the /etc/rc.d/init.d directory, and symlink it into the /etc/rc.d/rc3.d to rc5.d directories with a low number, ie

chmod +x /etc/rc.d/init.d/tables   # the init scripts must be executable
ln -s /etc/rc.d/init.d/tables /etc/rc.d/rc3.d/S4tables
ln -s /etc/rc.d/init.d/tables /etc/rc.d/rc4.d/S4tables
ln -s /etc/rc.d/init.d/tables /etc/rc.d/rc5.d/S4tables

You can look at the tables with "iptables -nvL". You should also turn off all services you do not use using drakxservices, e.g. rpc, portmap, samba, httpd, ftpd etc... And if you're really paranoid, unplug your LAN connection - that'll stop 'em!!

Chris
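The post above ends with "look at the tables with iptables -nvL" but does not say what to look for. The following added example (not from the thread, not streeter's code; the function names are mine) is a small POSIX sh/awk audit that reads a saved `iptables -nvL` listing on stdin and reports the three things the script is meant to give you: INPUT and FORWARD defaulting to DROP, and no INPUT rule that accepts new connections other than on the loopback interface. The two listings embedded in it are constructed samples, one shaped like streeter's ruleset and one deliberately open, so it runs without root; on a real box you would pipe `iptables -nvL` into `audit` instead. It assumes the default `-nvL` column layout (no `--line-numbers`) and recognises both `state` and `ctstate` match text.

```shell
#!/bin/sh
# Added example: audit a saved `iptables -nvL` listing. Not from the original
# post; function names and the two sample listings are constructed by me.
# Real use:   iptables -nvL > /tmp/fw.txt ; audit < /tmp/fw.txt
# Column layout assumed (iptables -nvL, no --line-numbers):
#   pkts bytes target prot opt in out source destination [match text]

# Print "CHAIN POLICY" for each built-in chain in the listing on stdin.
chain_policies() {
    awk '/^Chain [A-Z]+ \(policy/ { print $2, $4 }'
}

# Succeed only if INPUT and FORWARD both default to DROP.
policies_ok() {
    chain_policies | awk 'BEGIN { bad = 0 }
        ($1 == "INPUT" || $1 == "FORWARD") && $2 != "DROP" { bad = 1 }
        END { exit bad }'
}

# Print INPUT rules that ACCEPT something other than loopback traffic or
# replies to our own connections, i.e. rules that admit NEW connections.
open_input_rules() {
    awk '
        /^Chain /              { chain = $2; next }   # remember which chain we are in
        /^ *pkts +bytes/       { next }               # column header line
        NF == 0                { next }               # blank separator line
        chain == "INPUT" && $3 == "ACCEPT" {
            if ($6 == "lo") next                      # loopback interface only: fine
            if (match($0, /state [A-Z,]+/)) {         # matches "state" and "ctstate"
                st = substr($0, RSTART + 6, RLENGTH - 6)
                if (st !~ /NEW/) next                 # ESTABLISHED/RELATED only: fine
            }
            print
        }'
}

# Full report on the listing from stdin; exit status 1 if anything looks open.
audit() {
    listing=$(cat)
    status=0
    printf '%s\n' "$listing" | chain_policies | sed 's/^/policy: /'
    if ! printf '%s\n' "$listing" | policies_ok; then
        echo "WARN: INPUT or FORWARD default policy is not DROP"
        status=1
    fi
    open=$(printf '%s\n' "$listing" | open_input_rules)
    if [ -n "$open" ]; then
        echo "WARN: INPUT rules that accept NEW connections:"
        printf '%s\n' "$open"
        status=1
    fi
    return $status
}

# Constructed sample 1: the ruleset from this thread as iptables -nvL shows it.
SAMPLE_GOOD=$(cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  340 41230 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   12   720 DROP       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    5   300 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 common     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 355 packets, 52110 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain common (2 references)
 pkts bytes target     prot opt in     out     source               destination
    5   300 ACCEPT     all  --  *      *       127.0.0.1            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
)

# Constructed sample 2: open default policy plus two services reachable from outside.
SAMPLE_OPEN=$(cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
)

# Run the audit over both constructed samples (swap in a real listing on stdin).
for s in "$SAMPLE_GOOD" "$SAMPLE_OPEN"; do
    echo "--- listing ---"
    printf '%s\n' "$s" | audit || echo "  => this firewall needs attention"
done
```

The first sample passes cleanly; the second is flagged twice, once for the ACCEPT default policy and once for the two rules that admit new connections (the `tcp dpt:22` rule with no state match and the explicit `state NEW` rule for port 80), while the `lo` rule and the RELATED,ESTABLISHED rule are correctly left alone. Parsing `-nvL` text is a heuristic, so treat the report as a prompt to read the rules, not as proof.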