[ale] Firewalling question

'UnderGrid Founder' undrgrid at undergrid.net
Thu May 6 19:10:49 EDT 1999


Michael A. Smith decided to waste my bandwidth saying:
> Now that we know this, does anyone have a good ipfwadm or ipchains rule for
> filtering this out?

	My first comment would be if you're gonna build a firewall... Block
all traffic coming in and only allow what you really need coming in... It
doesn't make sense to really only run it on the ports you don't want...

	That said... You would really only need to block ports 137 - 139. If
you go by /etc/services this involves UDP and TCP for the netbios-ns,
netbios-dgm and netbios-ssn... If you actually need those on your LAN then
make sure the rules are only on your outside interface (ppp+ if dial-up or
eth? if cablemodem or xDSL) so your internal ethernet device can still use
those ports... You could also limit the destination to only the IPs needed
(i.e. - 192.168.1.0/24 rather than 0.0.0.0/0)... You would want to make sure
these would be applied to your input and forward chains...

	Now as I block everything by default and only allow what I want coming
in I'm writing this without testing it... but these should work for ipchains...

:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 192.168.1.0/255.255.255.0 137:139 -i ppp+ -p 6 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d 192.168.1.0/255.255.255.0 137:139 -i ppp+ -p 17 -j DENY
-A forward -s 0.0.0.0/0.0.0.0 -d 192.168.1.0/255.255.255.0 137:139 -i eth0 -p 6 -j DENY
-A forward -s 0.0.0.0/0.0.0.0 -d 192.168.1.0/255.255.255.0 137:139 -i eth0 -p 17 -j DENY

	Of course none of this has been tested... I welcome anyone to correct
any errors that may be there... this was done just off the top of my head...
You could cut-n-paste that into a file (i.e. - netbios.blk) and run it through
ipchains-restore (i.e. - ipchains-restore < netbios.blk) to put it in action...
Alternatively you might want to add the ports for NFS (portmap, mountd, etc)
especially if you're running RedHat as I've dealt with too many attempts at
unauthorized access to my box only to have the provider tell me it was their
customer's RedHat box and it was compromised...

	Respectfully,
	Jeremy T. Bouse
	UnderGrid Network Services
-- 
,-----------------------------------------------------------------------------,
| Jeremy T. Bouse  -  UnderGrid Network Services, LLC  -   www.UnderGrid.net  |
|     PGP ID/Fingerprint: 1024/E83D9AE5/4ACC03F098D78198 19D0593E50E597E9     |
|   Public PGP key available via PGP keyserver at http://pgp.UnderGrid.net    |
| undrgrid at UnderGrid.net  -  NIC Whois: JB5713  -  Jeremy.Bouse at UnderGrid.net |
|      promotion, n.: New title, new salary, new office, same old crap.       |
`-----------------------------------------------------------------------------'
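The post contrasts two stances: punching DENY holes for NetBIOS into an
accept-everything firewall, versus denying everything and allowing only what
is needed. The script below, added here as an illustration and not part of
Jeremy's post, emits an ipchains-restore file for each stance so the two can
be compared side by side. The interface names ppp0/eth0, the 192.168.1.0/24
prefix, the function names and the choice to include portmap (111) alongside
137:139 are this example's own assumptions; the port numbers themselves are
the /etc/services values the post refers to, and protocol 6/17 are TCP/UDP.

```shell
#!/bin/sh
# Added example (not from the original post): emit ipchains-restore rule
# files (ipchains-save format) for a Linux 2.2 box routing a small LAN.
#
#   netbios_block_rules OUTSIDE_IF INSIDE_IF LAN   accept all, deny NetBIOS
#   default_deny_rules  OUTSIDE_IF INSIDE_IF LAN   deny all, allow what you need
#
# Example use (interface names and prefix are assumptions for your setup):
#   default_deny_rules ppp0 eth0 192.168.1.0/24 > netbios.blk
#   ipchains-restore < netbios.blk

# From /etc/services: netbios-ns 137, netbios-dgm 138, netbios-ssn 139
# (TCP and UDP), sunrpc/portmap 111 (TCP and UDP).
NETBIOS_PORTS=137:139
PORTMAP_PORT=111

# One rule per line, in the form ipchains-save prints and ipchains-restore reads.
rule() { printf '%s\n' "$*"; }

# Weak stance: policies ACCEPT, then DENY holes for the services you know
# you do not want.  Anything not on the list walks straight in.
netbios_block_rules() {
    outside=$1; inside=$2; lan=$3
    rule :input ACCEPT
    rule :forward ACCEPT
    rule :output ACCEPT
    for proto in 6 17; do                      # 6 = TCP, 17 = UDP
        for ports in "$NETBIOS_PORTS" "$PORTMAP_PORT"; do
            # input chain: -i is the interface the packet ARRIVED on, so
            # naming the outside link leaves the LAN free to use NetBIOS.
            rule -A input -p "$proto" -s 0.0.0.0/0 -d "$lan" "$ports" \
                 -i "$outside" -j DENY
            # forward chain: in ipchains -i is the interface the packet
            # will LEAVE on, so routed packets bound for the LAN match
            # on the inside interface (hence eth0 in the post's rules).
            rule -A forward -p "$proto" -s 0.0.0.0/0 -d "$lan" "$ports" \
                 -i "$inside" -j DENY
        done
    done
}

# Recommended stance: policy DENY on input and forward, then allow only
# loopback, the inside interface, and replies to traffic we started.
# NetBIOS and portmap need no rule at all: nothing ever opened them.
default_deny_rules() {
    outside=$1; inside=$2; lan=$3
    rule :input DENY
    rule :forward DENY
    rule :output ACCEPT
    rule -A input -i lo -j ACCEPT
    rule -A input -s "$lan" -i "$inside" -j ACCEPT
    # ipchains keeps no connection state, so replies are admitted by
    # shape: "! -y" matches TCP packets that are not a bare SYN, i.e.
    # not a new connection attempt from outside.
    rule -A input -p 6 '!' -y -i "$outside" -j ACCEPT
    # UDP replies: only from resolver port 53 to unprivileged ports.
    # Being stateless, anything sent from source port 53 to a high port
    # gets in, so keep this as narrow as your resolvers allow.
    rule -A input -p 17 -s 0.0.0.0/0 53 -d 0.0.0.0/0 1024:65535 \
         -i "$outside" -j ACCEPT
    rule -A input -p 1 -i "$outside" -j ACCEPT      # ICMP: errors, PMTU, ping
    # Routed traffic: the LAN may go out; only replies come back in.
    rule -A forward -s "$lan" -i "$outside" -j ACCEPT
    rule -A forward -p 6 '!' -y -d "$lan" -i "$inside" -j ACCEPT
    rule -A forward -p 17 -s 0.0.0.0/0 53 -d "$lan" 1024:65535 \
         -i "$inside" -j ACCEPT
    rule -A forward -p 1 -d "$lan" -i "$inside" -j ACCEPT
    # The policy already denies the rest; -l logs each attempt so the
    # scanners the post mentions show up in the kernel log.
    rule -A input -i "$outside" -l -j DENY
    rule -A forward -i "$inside" -l -j DENY
}
```

The deny-all file never mentions 137:139 or 111 at all, which is the point of
the post's first paragraph: a service that was never allowed needs no blocking
rule when the next one is discovered. The price of ipchains being stateless
shows in the `! -y` and source-port-53 rules, which admit any non-SYN TCP
packet and any UDP packet claiming to come from port 53; that is as tight as a
packet filter without connection tracking gets.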







More information about the Ale mailing list