The first step to securing any network is a strong, defensive firewall. A firewall is probably the most common and the most basic security measure: it checks every packet against a set of rules and blocks any packet that does not pass them. Packet-filtering capabilities are built into the Linux kernel (the ipchains interface of the 2.2 kernels), and the rule set is created with the program /sbin/ipchains. The best philosophy for a firewall rule set is to be as defensive as possible: block everything first, then allow only the services that are needed.

Use

First, ipchains must be run as root. Two details of its syntax matter for every rule below: a port or port range can only be given together with -p tcp or -p udp, and "any address" is written 0.0.0.0/0 (a /32 mask would match only the single address 0.0.0.0, so the rule would never fire). Here is an example first rule that blocks all incoming TCP packets addressed to local ports 0 to 7000:

/sbin/ipchains -A input -p tcp -d 0.0.0.0/0 0:7000 -j DENY

Now, allow the services that are needed. ipchains checks the rules of a chain in order and stops at the first match, so an ACCEPT rule appended after the catch-all DENY would never be reached; insert it at the head of the chain with -I instead. In this example, connections to port 80 arriving on Ethernet card "eth1" will be allowed and also logged (-l writes each matching packet to syslog):

/sbin/ipchains -I input -p tcp -d 0.0.0.0/0 80 --interface eth1 -j ACCEPT -l

Also, blocking output might be necessary. To block the infamous Napster, deny and log outgoing connections to the ports its servers use:

/sbin/ipchains -A output -p tcp -d 0.0.0.0/0 4444 -j DENY -l
/sbin/ipchains -A output -p tcp -d 0.0.0.0/0 5555 -j DENY -l
/sbin/ipchains -A output -p tcp -d 0.0.0.0/0 6666 -j DENY -l
/sbin/ipchains -A output -p tcp -d 0.0.0.0/0 7777 -j DENY -l
/sbin/ipchains -A output -p tcp -d 0.0.0.0/0 8888 -j DENY -l

To see the complete rule set for ipchains, run:

/sbin/ipchains --list

(add -n to skip reverse DNS lookups of the listed addresses). For more information, read man ipchains.

Once a rule set is created, it exists only in kernel memory, so it will not survive a reboot. To keep a rule set after a reboot, save it with:

/sbin/ipchains-save > $IPCHAINS_CONFIG

where $IPCHAINS_CONFIG is the file named by that variable in /etc/rc.d/init.d/ipchains, usually /etc/security/ipchains; the init script then reloads it at boot. Another way to restore the rule set automatically after a reboot is to add this to /etc/rc.d/rc.local:

/sbin/ipchains-restore < /etc/security/ipchains

This assumes that /etc/security/ipchains is where the rule set file made with ipchains-save is.
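The individual rules in the article are easier to get right when the whole rule set is loaded from one script in a fixed order. The following is an added example, not the article's own script: a complete default-deny ipchains rule set for a host that only serves HTTP. It assumes the public interface is eth1 (overridable through PUBLIC_IF), that loopback is lo, and that the ipchains binary can be overridden through IPCHAINS so that IPCHAINS=echo prints the rules instead of loading them, which lets the ordering be reviewed on a machine without ipchains. The "! -y" and DNS-reply rules for return traffic are the usual stateless-filter idiom and are not taken from the article.

```shell
#!/bin/sh
# Added example: a complete default-deny ipchains rule set for a host that only
# serves HTTP on its public interface. It is not the article's own script.
# Assumptions: the public interface is eth1 (override with PUBLIC_IF), loopback
# is lo, and the ipchains binary can be overridden through $IPCHAINS so that
# IPCHAINS=echo prints the rules instead of loading them (a dry run).

load_ruleset() {
    ipc="${IPCHAINS:-/sbin/ipchains}"
    pub="${PUBLIC_IF:-eth1}"

    # Start from a clean slate so rerunning the script does not duplicate rules.
    "$ipc" -F input
    "$ipc" -F output
    "$ipc" -F forward

    # Default policies come first. ipchains takes the first matching rule, so
    # "block everything" must be the chain policy (or the last appended rule),
    # never a catch-all DENY appended ahead of the ACCEPT rules.
    "$ipc" -P input DENY
    "$ipc" -P forward DENY
    "$ipc" -P output ACCEPT

    # Local services talk to each other over loopback.
    "$ipc" -A input -i lo -j ACCEPT

    # Packets claiming a loopback source on the wire are spoofed: drop and log.
    "$ipc" -A input -i "$pub" -s 127.0.0.0/8 -j DENY -l

    # The one published service: new TCP connections (SYN, -y) to local port 80,
    # logged once per connection. A port can only be given together with
    # -p tcp or -p udp, and the mask must be /0 (any address); /32 would
    # match only the address itself.
    "$ipc" -A input -i "$pub" -p tcp -y -d 0.0.0.0/0 80 -j ACCEPT -l

    # Return traffic for connections this host opened. ipchains is stateless,
    # so the usual approximation is: accept TCP packets that are not a
    # connection-opening SYN (! -y), and accept DNS replies to high ports.
    "$ipc" -A input -i "$pub" -p tcp ! -y -j ACCEPT
    "$ipc" -A input -i "$pub" -p udp -s 0.0.0.0/0 53 -d 0.0.0.0/0 1024:65535 -j ACCEPT

    # Outbound Napster blocking as in the article, with protocol and mask given.
    for port in 4444 5555 6666 7777 8888; do
        "$ipc" -A output -p tcp -d 0.0.0.0/0 "$port" -j DENY -l
    done

    # Explicit logged catch-all so the policy's drops show up in syslog.
    "$ipc" -A input -i "$pub" -j DENY -l
}

# Apply with "sh firewall.sh load" (as root); review first with
# "IPCHAINS=echo sh firewall.sh load", which prints the rules in load order.
case "${1:-}" in
    load) load_ruleset ;;
esac
```

After a dry run looks right, load it as root and save the result with ipchains-save so the init script restores the same rule set at boot.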
More Information

Many excellent documents exist on setting up firewalls using ipchains. The first place to look is the Firewall-HOWTO. Another document worth looking at is IPChains and Firewalling. Finally, O'Reilly has an excellent book on firewalls called "Building Internet Firewalls."

Anthony Pell