[ale] IPtables question
Bob Toxen
bob at verysecurelinux.com
Mon Jul 12 19:15:56 EDT 2004
On Mon, Jul 12, 2004 at 09:02:21AM -0400, Chris Fowler wrote:
> On Sun, 2004-07-11 at 22:33, Dow Hurst wrote:
> > Chris Fowler wrote:
> > >I just added a 3rd nic to my linux firewall. On that nic I hav it
> > >directly connected via cross-over to a server that is running an
> > >application. I did this because my customers will be using that
> > >application from the Internet. If for some reason someone was to gain
> > >access to that box I do not want them to be able to come back to the
> > >firewall and jump over to the 2nd nic to my company network.
> > >What would be a good rule that would allow all incoming traffic from
> > >the outside and 2nd nic to that box but would disallow any traffic
> > >originating from that machine?
> > To solve this effectively, you can try using Bob's iptables rules in his
> > book (2nd ed.) and adapt a second set of variables for the 3rd
> > interface. Diagram what you want to go where in map and work your way
> > thru his ruleset to make sure nothing violates the allowed pathways.
...
> What is the name of the book?
"Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
2nd Ed., Prentice Hall, (C) 2003, 848 pages, ISBN: 0130464562
Also available in Japanese, Chinese, and Czech.
By Bob Toxen
http://www.realworldlinuxsecurity.com [My 5* book: "Real World Linux Security"]
...
(I'm in Denver through Wednesday teaching a class on Computer Security
so my Internet access and email is spotty.)
Best regards,
Bob Toxen, CTO
Fly-By-Day Consulting, Inc.
"Your expert in Firewalls, Virus and Spam Filters, VPNs,
Network Monitoring, and Network Security consulting"
http://www.verysecurelinux.com [Network & Linux/Unix Security Consulting]
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
More information about the Ale
mailing list