
Kevin Cozens wrote:
At 02:07 PM 12/01/2003 -0500, Teddy Mills wrote:
All I want to do is stop everything coming in, and allow ports 22,25,53,80.
Can someone post a generic one? Amazingly, this is not easy to find. My script is 95% there, but that last 5% will be difficult. Might be easier to work with a new script.
[snip]
I want to start by not allowing anything, and then allowing only 22,25,53,80.
You might want to check out the MonMotha script at: http://monmotha.mplug.org/firewall/index.php
It is the script I am using on a couple of machines. It denies everything except for what you tell it to allow. It is easily configured by setting the contents of a few variables near the start of the script.
On the subject of allowing 53, something which has always bothered me about a lot of these scripts (from monmotha):

    for server in ${DNS} ; do
        ${IPTABLES} -t filter -A INETIN -p udp -s ${server} --sport 53 -j UDPACCEPT
        echo -n "${server} "
    done

Is it still possible these days to look up your victim's ISP's DNS servers, and send a source-port, source-ip spoofed UDP packet to any port on the machine? Provided that the malicious person is using an ISP which would let out any source-spoofed traffic which obviously could not have legitimately originated from within their network? Then you use that to attack a vulnerable service, to do something like an overflow attack to kill whatever was on a permitted port and open a shell on it.

They specify that this is "only for zone transfers"; I guess regular DNS queries are covered by:

    echo -n "Allowing established outbound connections back in..."
    ${IPTABLES} -t filter -A INETIN -m state --state ESTABLISHED,RELATED -j ACCEPT
    echo "done"

I haven't hacked around with this stuff in a long time though :-(

Just be super careful with 'deny all' inbound source-port 53 firewall configurations.

-Mike

--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
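An added example, not monmotha's script and not posted by anyone in this thread, of the default-deny ruleset Teddy asked for (only 22, 25, 53, 80 inbound). It admits DNS answers through connection tracking instead of a "--sport 53" rule, so a source-port-spoofed UDP packet gets no special treatment; the INPUT chain, the port lists and the IPTABLES dry-run variable are my own assumptions.

```sh
#!/bin/sh
# Added example: default-deny inbound firewall allowing only 22,25,53,80.
# DNS replies (including UDP) are matched by conntrack as ESTABLISHED, so
# there is no "--sport 53 -j ACCEPT" rule for a spoofer to abuse.
# Set IPTABLES="echo iptables" to print the rules instead of applying them.
IPTABLES="${IPTABLES:-/sbin/iptables}"
TCP_PORTS="22 25 53 80"   # inbound services to expose (assumed list)
UDP_PORTS="53"            # DNS queries also arrive over UDP

apply_firewall() {
    # Start clean: drop everything inbound/forwarded by default, allow outbound.
    $IPTABLES -F INPUT
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    # Loopback traffic is always local.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened, UDP DNS answers included.
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets that claim to belong to a flow conntrack has never seen.
    $IPTABLES -A INPUT -m state --state INVALID -j DROP
    # Only NEW connections to listed destination ports get in; the source
    # port is never consulted, so a forged sport of 53 buys nothing.
    for p in $TCP_PORTS; do
        $IPTABLES -A INPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in $UDP_PORTS; do
        $IPTABLES -A INPUT -p udp --dport "$p" -m state --state NEW -j ACCEPT
    done
}

# Dry run: print the rules that apply_firewall would issue.
render_rules() {
    ( IPTABLES="echo iptables"; apply_firewall )
}

# Audit helper: number of generated rules that match on a source port (should be 0).
count_sport_rules() {
    render_rules | grep -c -- '--sport' || true
}

if [ "${1:-}" = "--apply" ]; then
    apply_firewall
else
    render_rules
fi
```

Run it with no arguments to review the generated rules, and with --apply as root to load them.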